diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml deleted file mode 100644 index a19bb2bf..00000000 --- a/.github/workflows/deploy.yaml +++ /dev/null 
@@ -1,75 +0,0 @@ -name: Terraform Deployment - -on: - workflow_dispatch: - inputs: - environment: - description: "Environment name" - required: true - type: choice - options: - - prod - pull_request: null - -jobs: - - deploy: - runs-on: ubuntu-latest - name: Deploy to ${{ inputs.environment }} Environment - environment: - name: ${{ inputs.environment }} - url: https://${{ vars.DOMAIN_NAME }} - steps: - - name: Checkout Code - uses: actions/checkout@v4 - - - name: Set up Terraform - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 1.9.8 - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ vars.region }} - - - name: Set DB Password and Username as Environment Variables - run: | - echo "TF_VAR_environment=${{ inputs.environment }}-env" >> $GITHUB_ENV - echo "TF_VAR_project_id=${{ vars.project_id }}" >> $GITHUB_ENV - echo "TF_VAR_org_id=${{ vars.org_id }}" >> $GITHUB_ENV - - CRED_PATH=$(pwd)/credentials.json - echo ${{ secrets.credentials }} >> $CRED_PATH - echo "CRED_PATH=$CRED_PATH" >> $GITHUB_ENV - echo "TF_VAR_credentials=$CRED_PATH" >> $GITHUB_ENV - echo "TF_VAR_billing_account=${{ secrets.billing_account }}" >> $GITHUB_ENV - echo "TF_VAR_repository_username=${{ secrets.repository_username }}" >> $GITHUB_ENV - echo "TF_VAR_repository_password=${{ secrets.repository_password }}" >> $GITHUB_ENV - echo "TF_VAR_db_username=${{ secrets.TF_VAR_db_username }}" >> $GITHUB_ENV - echo "TF_VAR_argo_client_secret=${{ secrets.TF_VAR_db_password }}" >> $GITHUB_ENV - - - name: Terraform Init - run: | - terraform init -var-file=${{ inputs.environment }}.tfvars \ - -backend-config="bucket=${{ secrets.backend_bucket_name }}" \ - -backend-config="encryption_key=${{ secrets.backend_encryption_key }}" \ - -backend-config="credentials=$CRED_PATH" \ - -backend-config="prefix=terraform/state" - - - 
name: Terraform Apply project only - if: github.event_name == 'workflow_dispatch' - run: | - terraform apply -auto-approve project-plan.tfplan - - - name: Terraform Plan - if: github.event_name == 'workflow_dispatch' - run: | - terraform plan -var-file=${{ inputs.environment }}.tfvars -out=plan.tfplan - - - name: Terraform Apply - if: github.event_name == 'workflow_dispatch' - run: | - terraform apply -auto-approve plan.tfplan \ No newline at end of file diff --git a/.github/workflows/destroy.yaml b/.github/workflows/destroy.yaml deleted file mode 100644 index fe72b203..00000000 --- a/.github/workflows/destroy.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ -name: Terraform Destroy - -on: - workflow_dispatch: - inputs: - environment: - description: "Environment name" - required: true - type: choice - options: - - prod - -jobs: - destroy: - runs-on: ubuntu-latest - name: Destroys ${{ inputs.environment }} Environment - environment: - name: ${{ inputs.environment }} - url: https://${{ vars.DOMAIN_NAME }} - steps: - - name: Checkout Code - uses: actions/checkout@v4 - - - name: Set up Terraform - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 1.9.8 - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ vars.region }} - - - name: Set Environment Variables - run: | - echo "TF_VAR_environment=${{ inputs.environment }}-env" >> $GITHUB_ENV - echo "TF_VAR_project_id=${{ vars.project_id }}" >> $GITHUB_ENV - echo "TF_VAR_org_id=${{ vars.org_id }}" >> $GITHUB_ENV - - CRED_PATH=$(pwd)/credentials.json - echo ${{ secrets.credentials }} >> $CRED_PATH - echo "CRED_PATH=$CRED_PATH" >> $GITHUB_ENV - echo "TF_VAR_credentials=$CRED_PATH" >> $GITHUB_ENV - echo "TF_VAR_billing_account=${{ secrets.billing_account }}" >> $GITHUB_ENV - echo "TF_VAR_repository_username=${{ secrets.repository_username }}" >> $GITHUB_ENV - echo "TF_VAR_repository_password=${{ secrets.repository_password }}" >> $GITHUB_ENV - echo "TF_VAR_db_username=${{ secrets.TF_VAR_db_username }}" >> $GITHUB_ENV - echo "TF_VAR_db_password=${{ secrets.TF_VAR_db_password }}" >> $GITHUB_ENV - - - name: Terraform Init - run: | - terraform init -var-file=${{ inputs.environment }}.tfvars \ - -backend-config="bucket=${{ secrets.backend_bucket_name }}" \ - -backend-config="encryption_key=${{ secrets.backend_encryption_key }}" \ - -backend-config="credentials=$CRED_PATH" \ - -backend-config="prefix=terraform/state" - - - name: Terraform Plan - run: | - terraform plan -destroy 
-var-file=${{ inputs.environment }}.tfvars -out=plan.tfplan - - - name: Terraform Destroy - if: github.event_name == 'workflow_dispatch' - run: | - terraform destroy -auto-approve -var-file=${{ inputs.environment }}.tfvars \ No newline at end of file diff --git a/.gitmodules b/.gitmodules deleted file mode 100644 index 60887c20..00000000 --- a/.gitmodules +++ /dev/null @@ -1,6 +0,0 @@ -[submodule "terraform/modules/wazuh/files/.wazuh-helm"] - path = terraform/modules/wazuh/files/.wazuh-helm - url = https://github.com/adorsys-gis/wazuh-helm -[submodule "terraform/modules/wazuh/files/.wazuh-cert-oauth2"] - path = terraform/modules/wazuh/files/.wazuh-cert-oauth2 - url = https://github.com/ADORSYS-GIS/wazuh-cert-oauth2 diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..c2c963e4 --- /dev/null +++ b/Makefile 
@@ -0,0 +1,64 @@
+.PHONY: help setup pre-commit-install pre-commit-run validate lint deploy-all clean
+
+ENVIRONMENT ?= dev
+GCP_PROJECT ?= my-gcp-project
+REGION ?= us-central1
+
+BLUE := \033[0;34m
+GREEN := \033[0;32m
+RED := \033[0;31m
+NC := \033[0m
+
+help:
+ @echo "$(BLUE)=== Observability Stack (GKE + LGTM + ArgoCD) ===$(NC)"
+ @echo ""
+ @echo "$(GREEN)Setup:$(NC)"
+ @echo " make setup Install all dependencies"
+ @echo " make pre-commit-install Install pre-commit hooks"
+ @echo ""
+ @echo "$(GREEN)Code Quality:$(NC)"
+ @echo " make validate Validate all Terraform"
+ @echo " make lint Lint all code"
+ @echo " make pre-commit-run Run pre-commit hooks manually"
+ @echo ""
+ @echo "$(GREEN)Deployment:$(NC)"
+ @echo " make deploy-all Deploy entire stack"
+ @echo " make clean Clean up generated files"
+
+setup:
+ @echo "$(BLUE)Installing dependencies...$(NC)"
+ @command -v terraform >/dev/null 2>&1 || (echo "Installing Terraform..." && brew install terraform)
+ @command -v kubectl >/dev/null 2>&1 || (echo "Installing kubectl..." && brew install kubectl)
+ @command -v helm >/dev/null 2>&1 || (echo "Installing Helm..." && brew install helm)
+ @command -v gcloud >/dev/null 2>&1 || (echo "Installing gcloud..." && brew install --cask google-cloud-sdk)
+ @command -v pre-commit >/dev/null 2>&1 || (echo "Installing pre-commit..." && brew install pre-commit)
+ @echo "$(GREEN)✓ Dependencies installed!$(NC)"
+
+pre-commit-install:
+ @echo "$(BLUE)Installing pre-commit hooks...$(NC)"
+ pre-commit install
+ @echo "$(GREEN)✓ Pre-commit hooks installed!$(NC)"
+
+pre-commit-run:
+ @echo "$(BLUE)Running pre-commit hooks...$(NC)"
+ pre-commit run --all-files
+
+validate:
+ @echo "$(BLUE)Validating Terraform...$(NC)"
+ @echo "$(GREEN)✓ Validation complete!$(NC)"
+
+lint:
+ @echo "$(BLUE)Running linting checks...$(NC)"
+ pre-commit run --all-files
+
+deploy-all:
+ @echo "$(BLUE)Deploying everything to $(ENVIRONMENT)...$(NC)"
+ @echo "$(GREEN)✓ Deployment complete!$(NC)"
+
+clean:
+ @echo "$(BLUE)Cleaning up...$(NC)"
+ find . -name ".terraform" -type d -exec rm -rf {} + 2>/dev/null || true
+ find . -name "*.tfplan" -delete
+ @echo "$(GREEN)✓ Cleanup complete!$(NC)"
+
+.DEFAULT_GOAL := help
diff --git a/README.md b/README.md
index 4e612c46..52b0877d 100644
--- a/README.md
+++ b/README.md
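Review bot: The `validate` and `deploy-all` targets in the new Makefile print a green "✓ … complete!" without executing anything, so `make validate` exits 0 on broken Terraform and `make deploy-all` reports a deployment that never happened; with the old `deploy.yaml`/`destroy.yaml` workflows removed in this same commit, nothing in the repo now actually runs `terraform validate`, which is a false-assurance gate if anyone wires `make validate` into CI or a pre-commit hook. I would make `validate` iterate the module directories and run `terraform init -backend=false` followed by `terraform validate` (failing on the first error), and make `deploy-all` exit non-zero with an explicit "not implemented" message until it really deploys; the directory list below is taken from the README tree and should be kept in sync with the actual `*/terraform` modules. Separately, `setup` hard-wires `brew`, so it fails outright on Linux hosts (the deleted workflows ran on `ubuntu-latest`) and installs unpinned latest versions — at minimum guard it with a check that `brew` exists and document the expected tool versions.
```makefile
validate:
	@echo "$(BLUE)Validating Terraform...$(NC)"
	@set -e; for d in argocd cert-manager ingress-controller lgtm-stack; do \
		echo "  $$d/terraform"; \
		terraform -chdir=$$d/terraform init -backend=false -input=false >/dev/null; \
		terraform -chdir=$$d/terraform validate; \
	done
	@echo "$(GREEN)✓ Validation complete!$(NC)"

# … unchanged: lint …

deploy-all:
	@echo "$(RED)deploy-all is not implemented yet; nothing was deployed to $(ENVIRONMENT)$(NC)" >&2
	@exit 1
```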
@@ -1,128 +1,120 @@ -# GIS Apps Deployment +# Observability Stack with GKE, LGTM, and ArgoCD -[![Terraform Deployment](https://github.com/ADORSYS-GIS/moodle-terraform/actions/workflows/checks.yaml/badge.svg)](https://github.com/ADORSYS-GIS/moodle-terraform/actions/workflows/checks.yaml) +Complete infrastructure and application stack for observability on Google Kubernetes Engine (GKE). -## Non-Sensitive informations +## Components -```bash -#export TF_VAR_project_id="your_digital_ocean_token" ## Only if we wanna fix on this project -export TF_VAR_org_id="your_digital_ocean_token" -export TF_VAR_folder_id="your_digital_ocean_token" -``` +- **GKE**: Google Kubernetes Engine cluster +- **LGTM Stack**: + - Loki (logs) + - Grafana (visualization) + - Tempo (traces) + - Mimir (metrics) +- **ArgoCD**: GitOps continuous deployment +- **Cert-Manager**: Automated certificate management +- **Ingress Controller**: Nginx ingress controller -## Sensitive informations +## REPO STRUCTURE -```bash -export TF_VAR_credentials="./dev.json" -export TF_VAR_billing_account="some-secret" -export TF_VAR_repository_username="some-secret" -export TF_VAR_repository_password="some-secret" -export TF_VAR_db_username="some-secret" -export TF_VAR_db_password="some-secret" ``` - -## Setup - -1. **Backend config**: You'll need to have an external backend for better security. - ```bash - export BACKEND_BUCKET_STATE="your-backend-bucket" - export BACKEND_CREDENTIAL_FILE_PATH="./credentials.json" - ``` - - Then, run the following command to initialize the backend: - ```bash - tf init -var-file=prod.tfvars \ - -backend-config="bucket=$BACKEND_BUCKET_STATE" \ - -backend-config="prefix=terraform/state" \ - -backend-config="credentials=$BACKEND_CREDENTIAL_FILE_PATH" \ - -reconfigure - ``` - -2. (Optional) First create the project. To do that, run the corresponding TF Module - ```bash - tf apply -auto-approve -var-file=prod.tfvars -target=module.project - ``` - -3. Then create the repository. 
To do that, run the corresponding TF Module - ```bash - tf apply -auto-approve -var-file=prod.tfvars - ``` - - -## Terraform modules - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.9.8 | -| [google](#requirement\_google) | ~> 6.0 | -| [google-beta](#requirement\_google-beta) | ~> 6.0 | -| [helm](#requirement\_helm) | ~> 2.0 | -| [kubernetes](#requirement\_kubernetes) | ~> 2.0 | - -## Providers - -| Name | Version | -|------|---------| -| [google](#provider\_google) | 6.26.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [db](#module\_db) | ./modules/db/ | n/a | -| [dns](#module\_dns) | ./modules/dns/ | n/a | -| [helm](#module\_helm) | ./modules/helm/ | n/a | -| [k8s](#module\_k8s) | ./modules/k8s/ | n/a | -| [project](#module\_project) | ./modules/project | n/a | -| [redis](#module\_redis) | ./modules/redis/ | n/a | -| [storage](#module\_storage) | ./modules/storage/ | n/a | -| [vpc](#module\_vpc) | ./modules/vpc/ | n/a | - -## Resources - -| Name | Type | -|------|------| -| [google_client_config.default](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [api\_enabled\_services](#input\_api\_enabled\_services) | The list of apis necessary for the project | `list(string)` |
[
"compute.googleapis.com",
"gkehub.googleapis.com",
"cloudresourcemanager.googleapis.com",
"serviceusage.googleapis.com",
"servicenetworking.googleapis.com",
"cloudkms.googleapis.com",
"logging.googleapis.com",
"cloudbilling.googleapis.com",
"iam.googleapis.com",
"admin.googleapis.com",
"storage-api.googleapis.com",
"monitoring.googleapis.com",
"securitycenter.googleapis.com",
"billingbudgets.googleapis.com",
"vpcaccess.googleapis.com",
"dns.googleapis.com",
"containerregistry.googleapis.com",
"eventarc.googleapis.com",
"run.googleapis.com",
"container.googleapis.com",
"dns.googleapis.com",
"deploymentmanager.googleapis.com",
"artifactregistry.googleapis.com",
"cloudbuild.googleapis.com",
"file.googleapis.com",
"certificatemanager.googleapis.com",
"domains.googleapis.com",
"redis.googleapis.com"
]
| no | -| [billing\_account](#input\_billing\_account) | Billing account id for the project | `string` | n/a | yes | -| [credentials](#input\_credentials) | File path to the credentials file. Keep in mind that the user or service account associated to this credentials file must have the necessary permissions to create the resources defined in this module. | `string` | n/a | yes | -| [db\_password](#input\_db\_password) | DB password | `string` | n/a | yes | -| [db\_username](#input\_db\_username) | DB username | `string` | n/a | yes | -| [environment](#input\_environment) | n/a | `string` | n/a | yes | -| [folder\_id](#input\_folder\_id) | Folder ID in the folder in which project | `string` | `null` | no | -| [gis\_application\_auth\_secret](#input\_gis\_application\_auth\_secret) | GIS Application auth secret | `string` | n/a | yes | -| [gis\_application\_chart\_version](#input\_gis\_application\_chart\_version) | GIS Application Helm chart version | `string` | n/a | yes | -| [gis\_application\_dns\_prefix](#input\_gis\_application\_dns\_prefix) | GIS Application DNS prefix. Final DNS name will be . 
| `string` | n/a | yes | -| [gis\_application\_oauth\_client\_id](#input\_gis\_application\_oauth\_client\_id) | GIS Application OAuth client ID | `string` | n/a | yes | -| [gis\_application\_oauth\_client\_secret](#input\_gis\_application\_oauth\_client\_secret) | GIS Application OAuth client secret | `string` | n/a | yes | -| [iam\_principals](#input\_iam\_principals) | List of role (key) names to grant permissions to | `list(string)` | n/a | yes | -| [machine\_type](#input\_machine\_type) | Machine type | `string` | n/a | yes | -| [name](#input\_name) | base name of this deployment | `string` | `"learn"` | no | -| [openai\_key](#input\_openai\_key) | OpenAI application Secure Key | `string` | n/a | yes | -| [openai\_url](#input\_openai\_url) | OpenAI provider url | `string` | n/a | yes | -| [org\_id](#input\_org\_id) | Google Organization ID | `string` | `null` | no | -| [project\_id](#input\_project\_id) | The ID of the project where this VPC will be created | `string` | `""` | no | -| [region](#input\_region) | The region where to deploy resources | `string` | n/a | yes | -| [repository\_password](#input\_repository\_password) | Helm chart Repository Password | `string` | n/a | yes | -| [repository\_username](#input\_repository\_username) | Helm chart Repository Username | `string` | n/a | yes | -| [root\_domain\_name](#input\_root\_domain\_name) | n/a | `string` | `"learn.adorsys.team"` | no | -| [sschool\_auth\_secret](#input\_sschool\_auth\_secret) | SSchool auth secret | `string` | n/a | yes | -| [sschool\_chart\_version](#input\_sschool\_chart\_version) | SSchool Helm chart version | `string` | n/a | yes | -| [sschool\_dns\_prefix](#input\_sschool\_dns\_prefix) | SSchool DNS prefix. Final DNS name will be . 
| `string` | n/a | yes | -| [sschool\_oauth\_client\_id](#input\_sschool\_oauth\_client\_id) | SSchool OAuth client ID | `string` | n/a | yes | -| [sschool\_oauth\_client\_secret](#input\_sschool\_oauth\_client\_secret) | SSchool OAuth client secret | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [dns\_ns](#output\_dns\_ns) | The Zone NS | - \ No newline at end of file +observability/ +├── README.md +│ └── USE: Project overview, quick start, and entry point for new users +│ +├── argocd/ +│ ├── README.md +│ │ └── USE: ArgoCD component overview and quick reference +│ └── terraform/ +│ ├── locals.tf +│ │ └── USE: Local variables and computed values within ArgoCD module +│ ├── main.tf +│ │ └── USE: Deploy ArgoCD using Helm to GKE cluster +│ ├── outputs.tf +│ │ └── USE: Export ArgoCD endpoint URLs and credentials +│ ├── variables.tf +│ │ └── USE: Define input parameters for ArgoCD deployment +│ └── values/ +│ ├── argocd-values.yaml +│ │ └── USE: Base Helm chart values for ArgoCD +│ ├── argocd-dev-values.yaml +│ │ └── USE: Development environment overrides (reduced resources) +│ └── argocd-prod-values.yaml +│ └── USE: Production environment overrides (HA, replicas) +│ +├── cert-manager/ +│ ├── README.md +│ │ └── USE: Cert-Manager component overview and reference +│ └── terraform/ +│ ├── locals.tf +│ │ └── USE: Local variables and computed values +│ ├── main.tf +│ │ └── USE: Deploy Cert-Manager using Helm to manage TLS certificates +│ ├── outputs.tf +│ │ └── USE: Export Cert-Manager service account and configuration details +│ ├── variables.tf +│ │ └── USE: Define customizable parameters for Cert-Manager +│ +├── docs/ +│ ├── ARCHITECTURE.md +│ │ └── USE: Explain system design, component interactions, and data flow +│ ├── GETTING_STARTED.md +│ │ └── USE: Step-by-step quick start guide for new users +│ ├── README.md +│ │ └── USE: Documentation index and navigation hub +│ ├── TUTORIAL_ARGOCD.md +│ │ └── USE: Manual ArgoCD 
installation guide (alternative to Terraform) +│ ├── TUTORIAL_CERT_MANAGER.md +│ │ └── USE: Manual Cert-Manager installation guide +│ ├── TUTORIAL_GKE_SETUP.md +│ │ └── USE: Manual GKE cluster creation using gcloud CLI +│ ├── TUTORIAL_INGRESS.md +│ │ └── USE: Manual Ingress Controller installation guide +│ ├── TUTORIAL_LGTM.md +│ │ └── USE: Manual LGTM stack deployment guide +│ └── images/ +│ ├── architecture-diagram.png +│ │ └── USE: Visual system architecture diagram +│ ├── argocd-workflow.png +│ │ └── USE: Visual GitOps deployment workflow diagram +│ └── lgtm-flow.png +│ └── USE: Visual LGTM component data flow diagram +│ +├── ingress-controller/ +│ ├── README.md +│ │ └── USE: Ingress Controller component overview +│ └── terraform/ +│ ├── locals.tf +│ │ └── USE: Local variables for ingress module +│ ├── main.tf +│ │ └── USE: Deploy Nginx Ingress Controller for HTTP/HTTPS routing +│ ├── outputs.tf +│ │ └── USE: Export load balancer endpoint and service information +│ ├── variables.tf +│ │ └── USE: Define customizable parameters for Ingress +│ └── values.yaml +│ └── USE: Helm chart configuration for Nginx Ingress Controller +│ +└── lgtm-stack/ + ├── README.md + │ └── USE: LGTM stack component overview and architecture + └── terraform/ + ├── locals.tf + │ └── USE: Local variables for LGTM module + ├── main.tf + │ └── USE: Deploy all LGTM components (Prometheus, Loki, Mimir, Tempo, Grafana) + ├── outputs.tf + │ └── USE: Export endpoints and credentials for all LGTM components + ├── variables.tf + │ └── USE: Define customizable parameters for LGTM deployment + └── values/ + ├── grafana-values.yaml + │ └── USE: Helm configuration for Grafana dashboards and datasources + ├── loki-values.yaml + │ └── USE: Helm configuration for Loki log storage and retention + ├── mimir-values.yaml + │ └── USE: Helm configuration for Mimir long-term metrics storage + ├── prometheus-values.yaml + │ └── USE: Helm configuration for Prometheus metrics scraping + └── tempo-values.yaml + └── 
USE: Helm configuration for Tempo distributed tracing +``` diff --git a/argocd/README.md b/argocd/README.md new file mode 100644 index 00000000..e69de29b diff --git a/argocd/terraform/locals.tf b/argocd/terraform/locals.tf new file mode 100644 index 00000000..e69de29b diff --git a/argocd/terraform/main.tf b/argocd/terraform/main.tf new file mode 100644 index 00000000..e69de29b diff --git a/argocd/terraform/outputs.tf b/argocd/terraform/outputs.tf new file mode 100644 index 00000000..e69de29b diff --git a/argocd/terraform/values/argocd-dev-values.yaml b/argocd/terraform/values/argocd-dev-values.yaml new file mode 100644 index 00000000..e69de29b diff --git a/argocd/terraform/values/argocd-prod-values.yaml b/argocd/terraform/values/argocd-prod-values.yaml new file mode 100644 index 00000000..e69de29b diff --git a/argocd/terraform/values/argocd-values.yaml b/argocd/terraform/values/argocd-values.yaml new file mode 100644 index 00000000..e69de29b diff --git a/argocd/terraform/variables.tf b/argocd/terraform/variables.tf new file mode 100644 index 00000000..e69de29b diff --git a/cert-manager/README.md b/cert-manager/README.md new file mode 100644 index 00000000..e69de29b diff --git a/cert-manager/terraform/locals.tf b/cert-manager/terraform/locals.tf new file mode 100644 index 00000000..e69de29b diff --git a/cert-manager/terraform/main.tf b/cert-manager/terraform/main.tf new file mode 100644 index 00000000..e69de29b diff --git a/cert-manager/terraform/outputs.tf b/cert-manager/terraform/outputs.tf new file mode 100644 index 00000000..e69de29b diff --git a/cert-manager/terraform/variables.tf b/cert-manager/terraform/variables.tf new file mode 100644 index 00000000..e69de29b diff --git a/cert-manager/terraform/workload-identity.tf b/cert-manager/terraform/workload-identity.tf new file mode 100644 index 00000000..e69de29b diff --git a/charts/monitoring/Chart.lock b/charts/monitoring/Chart.lock deleted file mode 100644 index e2a31ef4..00000000 
--- a/charts/monitoring/Chart.lock +++ /dev/null @@ -1,18 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 2.31.4 -- name: prometheus-pushgateway - repository: https://prometheus-community.github.io/helm-charts - version: 3.4.1 -- name: kube-prometheus-stack - repository: https://prometheus-community.github.io/helm-charts - version: 77.6.0 -- name: loki - repository: https://grafana.github.io/helm-charts - version: 6.39.0 -- name: alloy - repository: https://grafana.github.io/helm-charts - version: 1.2.1 -digest: sha256:09416fc004967a13deca4ebdf773629e0a3eef8a07a1b773eea86931089d210d -generated: "2025-09-09T20:23:16.601204+02:00" diff --git a/charts/monitoring/Chart.yaml b/charts/monitoring/Chart.yaml deleted file mode 100644 index 615acde1..00000000 --- a/charts/monitoring/Chart.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ -apiVersion: v2 -name: wazuh-monitoring -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "1.0.1" - -dependencies: - - name: common - version: '*' - repository: https://charts.bitnami.com/bitnami - tags: - - common - - bitnami-common - - name: prometheus-pushgateway - condition: pushgateway.enabled - repository: https://prometheus-community.github.io/helm-charts - alias: pushgateway - version: "*" - tags: - - pushgateway - - name: kube-prometheus-stack - version: '*' - repository: https://prometheus-community.github.io/helm-charts - alias: prom-stack - condition: prom-stack.enabled - tags: - - prometheus - - grafana - - name: loki - condition: loki.enabled - repository: https://grafana.github.io/helm-charts - version: "*" - tags: - - loki - - name: alloy - condition: alloy.enabled - repository: https://grafana.github.io/helm-charts - version: "*" - tags: - - alloy \ No newline at end of file 
diff --git a/charts/monitoring/README.md b/charts/monitoring/README.md deleted file mode 100644 index 7e05a3d9..00000000 --- a/charts/monitoring/README.md +++ /dev/null 
@@ -1,248 +0,0 @@ -# Wazuh Monitoring Stack - -A production-grade monitoring solution for Kubernetes clusters that integrates Prometheus, Grafana, Loki, and Grafana Alloy. This Helm chart is designed to work across multiple environments with specific optimizations for EKS, K3s, and Docker Desktop. - -## Architecture - -### Core Components - -1. **Prometheus Stack** - - - Prometheus Server (metrics collection and storage) - - AlertManager (alerting and notification system) - - Grafana (visualization platform) - - Node Exporter (host metrics collection) - - kube-state-metrics (Kubernetes metrics collection) - -2. **Logging Stack** - - - Loki (log aggregation system) - - Grafana Alloy (log processing and forwarding) - -3. **Authentication** - - Keycloak integration for SSO - - OIDC-based authentication - -## Prerequisites - -- Kubernetes 1.16+ -- Helm 3.0+ -- Minimum resource requirements: - - CPU: 4 cores - - Memory: 8Gi RAM - - Storage: 50Gi+ available space -- For EKS deployments: - - AWS ALB Controller - - External DNS (optional but recommended) - -## Installation - -### Quick Start - -```bash -# Add required Helm repositories -helm repo add prometheus-community https://prometheus-community.github.io/helm-charts -helm repo add grafana https://grafana.github.io/helm-charts -helm repo update - -# Install the chart -helm upgrade -i --create-namespace monitoring ./monitoring -n monitoring -``` - -### Environment-Specific Deployments - -#### AWS EKS - -```bash -helm upgrade -i --create-namespace monitoring ./monitoring -n monitoring \ - -f values.yaml \ - -f values-eks.yaml \ - --set global.domain=your-domain.com -``` - -#### Docker Desktop - -```bash -helm upgrade -i --create-namespace monitoring ./monitoring -n monitoring \ - -f values.yaml \ - -f values-docker-desktop.yaml -``` - -#### K3s - -```bash -helm upgrade -i --create-namespace monitoring ./monitoring -n monitoring \ - -f values.yaml \ - -f values-k3s.yaml -``` - -## Configuration - -### Essential Parameters 
- -```yaml -global: - domain: "grafana.example.team" # Your domain for ingress - storageClassName: null # Storage class for PVCs - -keycloak: - enabled: true - client_id: "grafana" - client_secret: "your-secret" # Change this - url: "https://keycloak.example.me" - realm: "your-realm" -``` - -### Storage Configuration - -The chart supports various storage options: - -1. **Default Storage** - - - 10Gi for Prometheus - - 10Gi for AlertManager - - Configurable through `global.storageClassName` - -2. **EKS-specific Storage** - - Uses EBS storage by default - - Increased to 50Gi for production workloads - -### Authentication - -The stack uses Keycloak for authentication with the following features: - -- SSO integration -- Role-based access control -- Auto-login capability -- Refresh token support -- PKCE authentication - -### Ingress Configuration - -#### EKS (AWS ALB) - -```yaml -ingress: - enabled: true - ingressClassName: alb - annotations: - alb.ingress.kubernetes.io/scheme: internet-facing - alb.ingress.kubernetes.io/target-type: ip - alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]' -``` - -## Component Access - -### Default URLs - -- Grafana: `https://grafana.your-domain.com` -- Prometheus: `https://prometheus-grafana.your-domain.com` -- AlertManager: `https://alertmanager-grafana.your-domain.com` -- Loki: `https://loki-grafana.your-domain.com` - -### Default Ports - -- Grafana: 3000 -- Prometheus: 9090 -- AlertManager: 9093 -- Loki: 3100 - -## Monitoring Stack Features - -### Prometheus - -- 10-day retention period by default -- Configurable storage (default 10Gi, EKS 50Gi) -- Automatic service discovery -- Pre-configured alerts - -### Grafana - -- Pre-installed plugins: - - grafana-piechart-panel - - grafana-clock-panel -- Automatic datasource provisioning -- Keycloak SSO integration -- GZIP compression enabled - -### Loki - -- Single binary mode for small deployments -- S3 compatible storage (MinIO included) -- Structured metadata support 
-- 24h index periods - -### Grafana Alloy - -- Kubernetes service discovery -- Automatic log forwarding to Loki -- Pod, node, and service monitoring -- Ingress monitoring capability - -## Maintenance - -### Backup Recommendations - -1. Prometheus data: Regular PVC snapshots -2. Grafana dashboards: Export as JSON -3. Loki logs: S3 bucket backups -4. Configuration: Version control for values files - -### Scaling Guidelines - -- Prometheus: Adjust retention and storage based on metrics volume -- Loki: Configure retention and chunk size for log volume -- Grafana: Adjust resource requests/limits based on user count - -## Troubleshooting - -### Common Issues - -1. **Storage Issues** - - ```bash - kubectl get pvc -n monitoring # Check PVC status - kubectl describe pvc -n monitoring # Debug PVC issues - ``` - -2. **Ingress Problems** - - ```bash - kubectl get ingress -n monitoring - kubectl describe ingress -n monitoring - ``` - -3. **Pod Health** - ```bash - kubectl get pods -n monitoring - kubectl describe pod [pod-name] -n monitoring - ``` - -## Version Information - -- Chart Version: 0.1.0-rc.15 -- Application Version: 1.0.0 -- Tested Kubernetes Versions: 1.16+ - -## Support - -For issues and feature requests, please contact: - -- GitHub Issues: [Create an issue](https://github.com/your-repo/issues) -- Email: [your-support-email] - -## License - -Copyright (c) 2024 - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. 
diff --git a/charts/monitoring/templates/_annotations.tpl b/charts/monitoring/templates/_annotations.tpl deleted file mode 100644 index d223212d..00000000 --- a/charts/monitoring/templates/_annotations.tpl +++ /dev/null @@ -1,15 +0,0 @@ -{{/* -Common annoations -*/}} -{{- define "common.annotations.standard" -}} - {{- $result := dict -}} - {{- if and (hasKey . "customAnnotations") (hasKey . "context") -}} - {{- $result = (include "common.tplvalues.merge" (dict "values" (list .customAnnotations .context.Values.commonAnnotations) "context" .context)) -}} - {{- else if and $.Values $.Values.commonAnnotations -}} - {{- $result = include "common.tplvalues.render" (dict "value" $.Values.commonAnnotations "context" $) -}} - {{- end -}} - - {{- if gt (len $result) 2 -}} - {{ $result }} - {{- end -}} -{{- end -}} diff --git a/charts/monitoring/templates/_storage_class.tpl b/charts/monitoring/templates/_storage_class.tpl deleted file mode 100644 index ca8c4520..00000000 --- a/charts/monitoring/templates/_storage_class.tpl +++ /dev/null @@ -1,10 +0,0 @@ -{{/* -Default Storage class -*/}} -{{- define "common.storage-className" -}} - {{- if $.Values.global.storageClassName -}} - {{- $.Values.global.storageClassName -}} - {{- else -}} - {{- "wazuh-monitoring-sc" -}} - {{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/monitoring/templates/loki-datasource.yaml b/charts/monitoring/templates/loki-datasource.yaml deleted file mode 100644 index f79a1664..00000000 --- a/charts/monitoring/templates/loki-datasource.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -# This should be installed by default by the loki helm chart -# But it is here just for reference -kind: ConfigMap -apiVersion: v1 -metadata: - name: {{ include "common.names.fullname" . }}-datasources - namespace: {{ include "common.names.namespace" . | quote }} - labels: - {{- include "common.labels.standard" $ | nindent 4 }} - grafana_datasource: "1" - -data: - datasource.yml: |- - apiVersion: 1 - datasources: - - name: Loki - type: loki - orgId: 1 - access: proxy - url: http://loki:3100 - basicAuth: false - - name: prometheus - type: prometheus - orgId: 1 - access: proxy - url: http://{{ .Release.Name }}-prom-stack-prometheus:9090 - basicAuth: false - - name: alertmanager - type: alertmanager - orgId: 1 - access: proxy - url: http://{{ .Release.Name }}-prom-stack-alertmanager:9093 - basicAuth: false - jsonData: - implementation: prometheus diff --git a/charts/monitoring/templates/secrets.yaml b/charts/monitoring/templates/secrets.yaml deleted file mode 100644 index 595ff7a9..00000000 --- a/charts/monitoring/templates/secrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{ with .Values.keycloak }} -{{- if .enabled -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $.Release.Name }}-keycloak-conf - annotations: - {{- include "common.annotations.standard" ( dict "customAnnotations" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - labels: - {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} -stringData: - KEYCLOAK_CLIENT_ID: "{{ include "common.tplvalues.render" (dict "value" .client_id "context" $) }}" - KEYCLOAK_CLIENT_SECRET: "{{ include "common.tplvalues.render" (dict "value" .client_secret "context" $) }}" - KEYCLOAK_ISSUER: "{{ include "common.tplvalues.render" (dict "value" .url "context" $) }}/realms/{{ include "common.tplvalues.render" (dict "value" .realm "context" $) }}" - -{{- end -}} -{{ end }} 
diff --git a/charts/monitoring/templates/storage-class.yaml b/charts/monitoring/templates/storage-class.yaml deleted file mode 100644 index 0d21ec89..00000000 --- a/charts/monitoring/templates/storage-class.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{ range $k, $v := .Values.storageClasses }} -{{- if $v.enabled }} -{{- with $v }} -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: {{ include "common.tplvalues.render" (dict "value" $k "context" $) }} - namespace: {{ include "common.names.namespace" $ }} - annotations: - {{- include "common.annotations.standard" ( dict "customAnnotations" .additionalAnnotations "context" $ ) | nindent 4 }} - labels: - {{- include "common.labels.standard" ( dict "customLabels" .additionalLabels "context" $ ) | nindent 4 }} -{{ with .provisioner -}} -provisioner: {{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} -{{ with .parameters -}} -parameters: {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 2 }} -{{- end }} -{{ with .volumeBindingMode -}} -volumeBindingMode: {{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} -{{ with .reclaimPolicy -}} -reclaimPolicy: {{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} -{{ with .allowedTopologies -}} -allowedTopologies: {{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} -{{ with .allowVolumeExpansion -}} -allowVolumeExpansion: {{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} -{{ with .mountOptions -}} -mountOptions: {{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} -{{- end }} ---- -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/monitoring/values-discord.yaml b/charts/monitoring/values-discord.yaml deleted file mode 100644 index 86d17655..00000000 --- a/charts/monitoring/values-discord.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -global: - discord_webhook_url: "" - -prom-stack: - alertmanager: - tplConfig: true - config: - route: - receiver: "discord" - group_by: - - namespace - continue: false - routes: - - receiver: "discord" - matchers: - - alertname="Watchdog" - continue: false - group_wait: 30s - group_interval: 5m - repeat_interval: 12h - receivers: - - name: discord - discord_configs: - - webhook_url: "{{ $.Values.global.discord_webhook_url }}" \ No newline at end of file diff --git a/charts/monitoring/values-docker-desktop.yaml b/charts/monitoring/values-docker-desktop.yaml deleted file mode 100644 index 571207ea..00000000 --- a/charts/monitoring/values-docker-desktop.yaml +++ /dev/null @@ -1,4 +0,0 @@ -storageClasses: - '{{ include "common.storage-className" $ }}': - provisioner: docker.io/hostpath - volumeBindingMode: Immediate diff --git a/charts/monitoring/values-efs.yaml b/charts/monitoring/values-efs.yaml deleted file mode 100644 index 5d0a3641..00000000 --- a/charts/monitoring/values-efs.yaml +++ /dev/null @@ -1,27 +0,0 @@ -storageClasses: - '{{ include "common.storage-className" $ }}': - enabled: true - provisioner: efs.csi.aws.com - parameters: - basePath: /wazuh-monitoring - directoryPerms: '775' - fileSystemId: '' - uid: '0' - gid: '0' - provisioningMode: efs-ap - reclaimPolicy: Retain - -prom-stack: - alertmanager: - alertmanagerSpec: - storage: - volumeClaimTemplate: - spec: - accessModes: ["ReadWriteMany"] - - prometheus: - prometheusSpec: - storageSpec: - volumeClaimTemplate: - spec: - accessModes: ["ReadWriteMany"] \ No newline at end of file diff --git a/charts/monitoring/values-eks.yaml b/charts/monitoring/values-eks.yaml deleted file mode 100644 index fb46e31b..00000000 --- a/charts/monitoring/values-eks.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ -prom-stack: - alertmanager: - ingress: - enabled: false - ingressClassName: alb - annotations: - alb.ingress.kubernetes.io/load-balancer-name: '{{ include "common.names.fullname" $ }}-alertmanager' - alb.ingress.kubernetes.io/target-type: 'ip' - alb.ingress.kubernetes.io/scheme: 'internet-facing' - alb.ingress.kubernetes.io/listen-ports: | - [ - { - "HTTP": 80 - }, - { - "HTTPS": 443 - } - ] - alb.ingress.kubernetes.io/ssl-redirect: '443' - external-dns.alpha.kubernetes.io/hostname: 'alertmanager-{{ $.Values.global.domain }}' - alertmanagerSpec: - storage: - volumeClaimTemplate: - spec: - resources: - requests: - storage: 50Gi - prometheus: - ingress: - enabled: false - ingressClassName: alb - annotations: - alb.ingress.kubernetes.io/load-balancer-name: '{{ include "common.names.fullname" $ }}-prometheus' - alb.ingress.kubernetes.io/target-type: 'ip' - alb.ingress.kubernetes.io/scheme: 'internet-facing' - alb.ingress.kubernetes.io/listen-ports: | - [ - { - "HTTP": 80 - }, - { - "HTTPS": 443 - } - ] - alb.ingress.kubernetes.io/ssl-redirect: '443' - external-dns.alpha.kubernetes.io/hostname: 'prometheus-{{ $.Values.global.domain }}' - - grafana: - ingress: - enabled: true - ingressClassName: alb - annotations: - alb.ingress.kubernetes.io/load-balancer-name: '{{ include "common.names.fullname" $ }}-grafana' - alb.ingress.kubernetes.io/target-type: 'ip' - alb.ingress.kubernetes.io/scheme: 'internet-facing' - alb.ingress.kubernetes.io/listen-ports: | - [ - { - "HTTP": 80 - }, - { - "HTTPS": 443 - } - ] - alb.ingress.kubernetes.io/ssl-redirect: '443' - external-dns.alpha.kubernetes.io/hostname: '{{ $.Values.global.domain }}' - alb.ingress.kubernetes.io/healthcheck-path: '/api/health' - -alloy: - ingress: - enabled: false - ingressClassName: alb - annotations: - alb.ingress.kubernetes.io/load-balancer-name: '{{ include "common.names.fullname" $ }}-alloy' - alb.ingress.kubernetes.io/target-type: 'ip' - alb.ingress.kubernetes.io/scheme: 'internet-facing' 
- alb.ingress.kubernetes.io/listen-ports: | - [ - { - "HTTP": 80 - }, - { - "HTTPS": 443 - } - ] - alb.ingress.kubernetes.io/ssl-redirect: '443' - external-dns.alpha.kubernetes.io/hostname: 'alloy-{{ $.Values.global.domain }}' - alb.ingress.kubernetes.io/healthcheck-path: '/-/healthy' - -loki: - ingress: - enabled: false - ingressClassName: alb - annotations: - alb.ingress.kubernetes.io/load-balancer-name: '{{ include "common.names.fullname" $ }}-loki' - alb.ingress.kubernetes.io/target-type: 'ip' - alb.ingress.kubernetes.io/scheme: 'internet-facing' - alb.ingress.kubernetes.io/listen-ports: | - [ - { - "HTTP": 80 - }, - { - "HTTPS": 443 - } - ] - alb.ingress.kubernetes.io/ssl-redirect: '443' - external-dns.alpha.kubernetes.io/hostname: 'loki-{{ $.Values.global.domain }}' - alb.ingress.kubernetes.io/healthcheck-path: '/ready' - \ No newline at end of file diff --git a/charts/monitoring/values-k3s.yaml b/charts/monitoring/values-k3s.yaml deleted file mode 100644 index 2b8a990b..00000000 --- a/charts/monitoring/values-k3s.yaml +++ /dev/null @@ -1,10 +0,0 @@ -storageClasses: - '{{ include "common.storage-className" $ }}': - provisioner: rancher.io/local-path - volumeBindingMode: WaitForFirstConsumer - -prom-stack: - grafana: - ingress: - enabled: true - ingressClassName: traefik \ No newline at end of file diff --git a/charts/monitoring/values-mkb.yaml b/charts/monitoring/values-mkb.yaml deleted file mode 100644 index 541a9c28..00000000 --- a/charts/monitoring/values-mkb.yaml +++ /dev/null @@ -1,4 +0,0 @@ -storageClasses: - '{{ include "common.storage-className" $ }}': - provisioner: k8s.io/minikube-hostpath - volumeBindingMode: WaitForFirstConsumer \ No newline at end of file diff --git a/charts/monitoring/values-pushgateway.yaml b/charts/monitoring/values-pushgateway.yaml deleted file mode 100644 index 0f0fd6a8..00000000 --- a/charts/monitoring/values-pushgateway.yaml +++ /dev/null 
@@ -1,15 +0,0 @@ -pushgateway: - enabled: true - -prom-stack: - prometheus: - prometheusSpec: - additionalScrapeConfigs: - - job_name: 'pushgateway' - static_configs: - - targets: [ 'pushgateway:9091' ] # Internal Kubernetes service address - # Optional: To ensure metrics are properly grouped by job/instance if your application pushes them with those labels - metric_relabel_configs: - - source_labels: [ __name__ ] - regex: '^(.*)_total$' - action: keep # Example to keep only specific metrics diff --git a/charts/monitoring/values.yaml b/charts/monitoring/values.yaml deleted file mode 100644 index 48b2c87c..00000000 --- a/charts/monitoring/values.yaml +++ /dev/null 
@@ -1,465 +0,0 @@ -global: - storageClassName: ~ - domain: 'grafana.example.team' - -## @param kubeVersion Override Kubernetes version -## -kubeVersion: "" -## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: "" -## @param commonLabels Labels to add to all deployed resources -## -commonLabels: { } - -commonAnnotations: - "kubernetes.io/description": '{{ include "common.names.fullname" $ }} monitoring' - -## -## -storageClasses: - '{{ include "common.storage-className" $ }}': - ## - ## - enabled: true - ## - ## - additionalAnnotations: { } - ## - ## - additionalLabels: { } - ## - ## - provisioner: "" - ## - ## - parameters: { } - ## - ## - volumeBindingMode: "" - ## - ## - reclaimPolicy: Delete - -keycloak: - enabled: true - client_id: "grafana" - client_secret: "some-secret" - url: "https://keycloak.example.me" - realm: "demo" - -prom-stack: - alertmanager: - ingress: - enabled: false - ingressClassName: traefik - hosts: - - "alertmanager-{{ .Values.global.domain }}" - alertmanagerSpec: - logLevel: error - storage: - volumeClaimTemplate: - spec: - storageClassName: '{{ include "common.storage-className" $ }}' - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: 10Gi - - prometheus: - ingress: - enabled: false - ingressClassName: traefik - hosts: - - "prometheus-{{ .Values.global.domain }}" - prometheusSpec: - retention: 10d - #logLevel: error - # securityContext: - # runAsGroup: 0 - # runAsNonRoot: false - # runAsUser: 0 - # fsGroup: 0 - storageSpec: - volumeClaimTemplate: - spec: - storageClassName: '{{ include "common.storage-className" $ }}' - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: 10Gi - - grafana: - ingress: - enabled: true - ingressClassName: traefik - hosts: - - "{{ .Values.global.domain }}" - sidecar: - datasources: - 
enabled: true - label: grafana_datasource - isDefaultDatasource: false - defaultDatasourceEnabled: false - plugins: - - grafana-piechart-panel - - grafana-clock-panel - - digrich-bubblechart-panel - enabled: true - envFromSecret: '{{ $.Release.Name }}-keycloak-conf' - grafana.ini: - server: - root_url: "https://{{ .Values.global.domain }}" - enable_gzip: true - auth: - disable_login_form: true - auth.anonymous: - enabled: "false" - org_role: "Admin" - auth.basic: - enabled: "false" - auth.generic_oauth: - enabled: "true" - name: "Keycloak login" - auto_login: "true" - allow_sign_up: "true" - client_id: '$__env{KEYCLOAK_CLIENT_ID}' - client_secret: '$__env{KEYCLOAK_CLIENT_SECRET}' - scopes: "openid email profile offline_access roles" - email_attribute_path: "email" - login_attribute_path: "username" - name_attribute_path: "full_name" - auth_url: "$__env{KEYCLOAK_ISSUER}/protocol/openid-connect/auth" - token_url: "$__env{KEYCLOAK_ISSUER}/protocol/openid-connect/token" - api_url: "$__env{KEYCLOAK_ISSUER}/protocol/openid-connect/userinfo" - signout_redirect_url: "$__env{KEYCLOAK_ISSUER}/protocol/openid-connect/logout?post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.domain }}%2Flogin" - role_attribute_path: "contains(grafana_roles[*], 'grafanaadmin') && 'GrafanaAdmin' || contains(grafana_roles[*], 'admin') && 'Admin' || contains(grafana_roles[*], 'editor') && 'Editor' || contains(grafana_roles[*], 'viewer') && 'Viewer' || 'None'" - allow_assign_grafana_admin: "true" - use_refresh_token: "true" - use_pkce: "true" - -pushgateway: - enabled: false - fullnameOverride: pushgateway - resources: - requests: - cpu: '100m' - memory: '30Mi' - limits: - cpu: '200m' - memory: '50Mi' - -loki: - fullnameOverride: loki - enabled: true - memberlist: - service: - publishNotReadyAddresses: true - ingress: - enabled: false - ingressClassName: traefik - hosts: - - "loki-{{ .Values.global.domain }}" - loki: - auth_enabled: false - storage: - type: s3 - bucketNames: - chunks: 
monitoring - ruler: monitoring - object_store: - storage_prefix: "loki_" - structuredConfig: - common: - storage: - s3: - #endpoint: "" - access_key_id: "" - secret_access_key: "" - compactor: - retention_enabled: true - delete_request_store: s3 - limits_config: - retention_period: 30d - - commonConfig: - replication_factor: 1 - schemaConfig: - configs: - - from: "2024-04-01" - store: tsdb - object_store: s3 - schema: v13 - index: - prefix: loki_index_ - period: 24h - pattern_ingester: - enabled: true - limits_config: - allow_structured_metadata: true - volume_enabled: true - ruler: - enable_api: true - lokiCanary: - enabled: false - test: - enabled: false - monitoring: - dashboards: - enabled: false - rules: - enabled: false - serviceMonitor: - enabled: false - selfMonitoring: - enabled: false - grafanaAgent: - installOperator: false - lokiCanary: - enabled: false - - minio: - enabled: false - - deploymentMode: SingleBinary - - singleBinary: - replicas: 1 - resources: - requests: - cpu: '100m' - memory: '600Mi' - limits: - cpu: '1000m' - memory: '4Gi' - persistence: - storageClass: 'wazuh-monitoring-sc' - - # Zero out replica counts of other deployment modes - backend: - replicas: 0 - read: - replicas: 0 - write: - replicas: 0 - - ingester: - replicas: 0 - querier: - replicas: 0 - queryFrontend: - replicas: 0 - queryScheduler: - replicas: 0 - distributor: - replicas: 0 - compactor: - replicas: 0 - indexGateway: - replicas: 0 - bloomCompactor: - replicas: 0 - bloomGateway: - replicas: 0 - -alloy: - enabled: true - ingress: - enabled: false - ingressClassName: traefik - hosts: - - "alloy-{{ .Values.global.domain }}" - alloy: - configMap: - content: |- - logging { - level = "info" - format = "logfmt" - } - - discovery.kubernetes "pods" { - role = "pod" - } - - discovery.kubernetes "nodes" { - role = "node" - } - - discovery.kubernetes "services" { - role = "service" - } - - discovery.kubernetes "endpoints" { - role = "endpoints" - } - - discovery.kubernetes 
"endpointslices" { - role = "endpointslice" - } - - discovery.kubernetes "ingresses" { - role = "ingress" - } - - loki.write "default" { - endpoint { - url = "http://loki:3100/loki/api/v1/push" - } - } - - // local.file_match discovers files on the local filesystem using glob patterns and the doublestar library. It returns an array of file paths. - local.file_match "node_logs" { - path_targets = [{ - // Monitor syslog to scrape node-logs - __path__ = "/var/log/syslog", - job = "node/syslog", - node_name = sys.env("HOSTNAME"), - cluster = "main", - }] - } - - // loki.source.file reads log entries from files and forwards them to other loki.* components. - // You can specify multiple loki.source.file components by giving them different labels. - loki.source.file "node_logs" { - targets = local.file_match.node_logs.targets - forward_to = [loki.write.default.receiver] - } - - // discovery.kubernetes allows you to find scrape targets from Kubernetes resources. - // It watches cluster state and ensures targets are continually synced with what is currently running in your cluster. - discovery.kubernetes "pod" { - role = "pod" - } - - // discovery.relabel rewrites the label set of the input targets by applying one or more relabeling rules. - // If no rules are defined, then the input targets are exported as-is. 
- discovery.relabel "pod_logs" { - targets = discovery.kubernetes.pod.targets - - // Label creation - "namespace" field from "__meta_kubernetes_namespace" - rule { - source_labels = ["__meta_kubernetes_namespace"] - action = "replace" - target_label = "namespace" - } - - // Label creation - "pod" field from "__meta_kubernetes_pod_name" - rule { - source_labels = ["__meta_kubernetes_pod_name"] - action = "replace" - target_label = "pod" - } - - // Label creation - "container" field from "__meta_kubernetes_pod_container_name" - rule { - source_labels = ["__meta_kubernetes_pod_container_name"] - action = "replace" - target_label = "container" - } - - // Label creation - "app" field from "__meta_kubernetes_pod_label_app_kubernetes_io_name" - rule { - source_labels = ["__meta_kubernetes_pod_label_app_kubernetes_io_name"] - action = "replace" - target_label = "app" - } - - // Label creation - "job" field from "__meta_kubernetes_namespace" and "__meta_kubernetes_pod_container_name" - // Concatenate values __meta_kubernetes_namespace/__meta_kubernetes_pod_container_name - rule { - source_labels = ["__meta_kubernetes_namespace", "__meta_kubernetes_pod_container_name"] - action = "replace" - target_label = "job" - separator = "/" - replacement = "$1" - } - - // Label creation - "container" field from "__meta_kubernetes_pod_uid" and "__meta_kubernetes_pod_container_name" - // Concatenate values __meta_kubernetes_pod_uid/__meta_kubernetes_pod_container_name.log - rule { - source_labels = ["__meta_kubernetes_pod_uid", "__meta_kubernetes_pod_container_name"] - action = "replace" - target_label = "__path__" - separator = "/" - replacement = "/var/log/pods/*$1/*.log" - } - - // Label creation - "container_runtime" field from "__meta_kubernetes_pod_container_id" - rule { - source_labels = ["__meta_kubernetes_pod_container_id"] - action = "replace" - target_label = "container_runtime" - regex = "^(\\S+):\\/\\/.+$" - replacement = "$1" - } - } - - // loki.source.kubernetes tails logs 
from Kubernetes containers using the Kubernetes API. - loki.source.kubernetes "pod_logs" { - targets = discovery.relabel.pod_logs.output - forward_to = [loki.process.pod_logs.receiver] - } - - // loki.process receives log entries from other Loki components, applies one or more processing stages, - // and forwards the results to the list of receivers in the component's arguments. - loki.process "pod_logs" { - stage.static_labels { - values = { - cluster = "main", - } - } - - forward_to = [loki.write.default.receiver] - } - - // loki.source.kubernetes_events tails events from the Kubernetes API and converts them - // into log lines to forward to other Loki components. - loki.source.kubernetes_events "cluster_events" { - job_name = "integrations/kubernetes/eventhandler" - log_format = "logfmt" - forward_to = [ - loki.process.cluster_events.receiver, - ] - } - - // loki.process receives log entries from other loki components, applies one or more processing stages, - // and forwards the results to the list of receivers in the component's arguments. - loki.process "cluster_events" { - forward_to = [loki.write.default.receiver] - - stage.static_labels { - values = { - cluster = "main", - } - } - - stage.labels { - values = { - kubernetes_cluster_events = "job", - } - } - } - resources: - requests: - cpu: '100m' - memory: '600Mi' - limits: - cpu: '800m' - memory: '4Gi' - extraPorts: - - name: "otel" - port: 4317 - targetPort: 4317 - protocol: "TCP" - - name: "faro" - port: 12347 - targetPort: 12347 - protocol: "TCP" - appProtocol: "h2c" - - name: "thrifthttp" - port: 14268 - targetPort: 14268 - protocol: "TCP" \ No newline at end of file diff --git a/docker-compose.yaml b/docker-compose.yaml new file mode 100644 index 00000000..e69de29b diff --git a/docs/ARCHITECTURE.md b/docs/ARCHITECTURE.md new file mode 100644 index 00000000..e69de29b diff --git a/docs/GETTING_STARTED.md b/docs/GETTING_STARTED.md new file mode 100644 index 00000000..e69de29b 
diff --git a/docs/README.md b/docs/README.md
new file mode 100644
index 00000000..e69de29b
diff --git a/docs/TROUBLESHOOTING.md b/docs/TROUBLESHOOTING.md
new file mode 100644
index 00000000..e69de29b
diff --git a/docs/TUTORIAL_ARGOCD.md b/docs/TUTORIAL_ARGOCD.md
new file mode 100644
index 00000000..e69de29b
diff --git a/docs/TUTORIAL_CERT_MANAGER.md b/docs/TUTORIAL_CERT_MANAGER.md
new file mode 100644
index 00000000..e69de29b
diff --git a/docs/TUTORIAL_GKE_SETUP.md b/docs/TUTORIAL_GKE_SETUP.md
new file mode 100644
index 00000000..e69de29b
diff --git a/docs/TUTORIAL_INGRESS.md b/docs/TUTORIAL_INGRESS.md
new file mode 100644
index 00000000..e69de29b
diff --git a/docs/TUTORIAL_LGTM.md b/docs/TUTORIAL_LGTM.md
new file mode 100644
index 00000000..e69de29b
diff --git a/docs/images/architecture-diagram.png b/docs/images/architecture-diagram.png
new file mode 100644
index 00000000..e69de29b
diff --git a/docs/images/argocd-workflow.png b/docs/images/argocd-workflow.png
new file mode 100644
index 00000000..e69de29b
diff --git a/docs/images/lgtm-flow.png b/docs/images/lgtm-flow.png
new file mode 100644
index 00000000..e69de29b
diff --git a/ingress-controller/README.md b/ingress-controller/README.md
new file mode 100644
index 00000000..e69de29b
diff --git a/ingress-controller/terraform/locals.tf b/ingress-controller/terraform/locals.tf
new file mode 100644
index 00000000..e69de29b
diff --git a/ingress-controller/terraform/main.tf b/ingress-controller/terraform/main.tf
new file mode 100644
index 00000000..e69de29b
diff --git a/ingress-controller/terraform/outputs.tf b/ingress-controller/terraform/outputs.tf
new file mode 100644
index 00000000..e69de29b
diff --git a/ingress-controller/terraform/values.yaml b/ingress-controller/terraform/values.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/ingress-controller/terraform/variables.tf b/ingress-controller/terraform/variables.tf
new file mode 100644
index 00000000..e69de29b
diff --git a/lgtm-stack/README.md b/lgtm-stack/README.md
new file mode 100644
index 00000000..e69de29b
diff --git a/lgtm-stack/terraform/locals.tf b/lgtm-stack/terraform/locals.tf
new file mode 100644
index 00000000..e69de29b
diff --git a/lgtm-stack/terraform/main.tf b/lgtm-stack/terraform/main.tf
new file mode 100644
index 00000000..e69de29b
diff --git a/lgtm-stack/terraform/outputs.tf b/lgtm-stack/terraform/outputs.tf
new file mode 100644
index 00000000..e69de29b
diff --git a/lgtm-stack/terraform/values/grafana-values.yaml b/lgtm-stack/terraform/values/grafana-values.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/lgtm-stack/terraform/values/loki-values.yaml b/lgtm-stack/terraform/values/loki-values.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/lgtm-stack/terraform/values/mimir-values.yaml b/lgtm-stack/terraform/values/mimir-values.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/lgtm-stack/terraform/values/prometheus-values.yaml b/lgtm-stack/terraform/values/prometheus-values.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/lgtm-stack/terraform/values/tempo-values.yaml b/lgtm-stack/terraform/values/tempo-values.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/lgtm-stack/terraform/variables.tf b/lgtm-stack/terraform/variables.tf
new file mode 100644
index 00000000..e69de29b
diff --git a/terraform/README.md b/terraform/README.md
deleted file mode 100644
index 3c35f11c..00000000
--- a/terraform/README.md
+++ /dev/null
@@ -1,69 +0,0 @@ - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.9.8 | -| [google](#requirement\_google) | ~> 6.0 | -| [google-beta](#requirement\_google-beta) | ~> 6.0 | -| [helm](#requirement\_helm) | ~> 2.0 | -| [kubernetes](#requirement\_kubernetes) | ~> 2.0 | -| [random](#requirement\_random) | ~> 3.0 | -| [tls](#requirement\_tls) | ~> 4.0 | - -## Providers - -| Name | Version | -|------|---------| -| [google](#provider\_google) | 6.50.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [dns](#module\_dns) | ./modules/dns/ | n/a | -| [gke\_auth](#module\_gke\_auth) | terraform-google-modules/kubernetes-engine/google//modules/auth | ~> 38.0 | -| [ip](#module\_ip) | ./modules/ip/ | n/a | -| [k8s](#module\_k8s) | ./modules/k8s/ | n/a | -| [monitoring](#module\_monitoring) | ./modules/monitoring/ | n/a | -| [project](#module\_project) | ./modules/project | n/a | -| [project\_services](#module\_project\_services) | terraform-google-modules/project-factory/google//modules/project_services | ~> 18.1 | -| [storage](#module\_storage) | ./modules/storage/ | n/a | -| [vpc](#module\_vpc) | ./modules/vpc/ | n/a | -| [wazuh](#module\_wazuh) | ./modules/wazuh/ | n/a | - -## Resources - -| Name | Type | -|------|------| -| [google_client_config.default](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [api\_enabled\_services](#input\_api\_enabled\_services) | The list of apis necessary for the project | `list(string)` |
[
"compute.googleapis.com",
"gkehub.googleapis.com",
"cloudresourcemanager.googleapis.com",
"serviceusage.googleapis.com",
"servicenetworking.googleapis.com",
"cloudkms.googleapis.com",
"logging.googleapis.com",
"cloudbilling.googleapis.com",
"iam.googleapis.com",
"admin.googleapis.com",
"storage-api.googleapis.com",
"monitoring.googleapis.com",
"securitycenter.googleapis.com",
"billingbudgets.googleapis.com",
"vpcaccess.googleapis.com",
"dns.googleapis.com",
"containerregistry.googleapis.com",
"eventarc.googleapis.com",
"run.googleapis.com",
"container.googleapis.com",
"dns.googleapis.com",
"deploymentmanager.googleapis.com",
"artifactregistry.googleapis.com",
"cloudbuild.googleapis.com",
"file.googleapis.com",
"certificatemanager.googleapis.com",
"domains.googleapis.com"
]
| no | -| [billing\_account](#input\_billing\_account) | Billing account id for the project | `string` | `""` | no | -| [create\_project](#input\_create\_project) | Should we create a project? | `bool` | `false` | no | -| [credentials](#input\_credentials) | File path to the credentials file. Keep in mind that the user or service account associated to this credentials file must have the necessary permissions to create the resources defined in this module. | `string` | n/a | yes | -| [environment](#input\_environment) | n/a | `string` | n/a | yes | -| [folder\_id](#input\_folder\_id) | Folder ID in the folder in which project | `string` | `null` | no | -| [name](#input\_name) | base name of this deployment | `string` | `"monitoring"` | no | -| [org\_id](#input\_org\_id) | Google Organization ID | `string` | `null` | no | -| [project\_id](#input\_project\_id) | The ID of the project where this VPC will be created | `string` | `""` | no | -| [region](#input\_region) | The region where to deploy resources | `string` | n/a | yes | -| [root\_domain\_name](#input\_root\_domain\_name) | n/a | `string` | `"observability.adorsys.team"` | no | -| [subject](#input\_subject) | n/a |
object({
country = string
locality = string
organization = string
common_name = string
})
| n/a | yes | -| [wazuh\_helm\_chart\_pass](#input\_wazuh\_helm\_chart\_pass) | n/a | `string` | n/a | yes | -| [wazuh\_helm\_chart\_user](#input\_wazuh\_helm\_chart\_user) | n/a | `string` | n/a | yes | -| [wazuh\_helm\_chart\_version](#input\_wazuh\_helm\_chart\_version) | n/a | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [dns\_ns](#output\_dns\_ns) | The Zone NS | -| [k8s\_host](#output\_k8s\_host) | n/a | -| [k8s\_name](#output\_k8s\_name) | n/a | -| [wazuh\_domains](#output\_wazuh\_domains) | n/a | - \ No newline at end of file diff --git a/terraform/backend.tf b/terraform/backend.tf deleted file mode 100644 index 861ebfc3..00000000 --- a/terraform/backend.tf +++ /dev/null @@ -1,6 +0,0 @@ -terraform { - backend "gcs" { - bucket = "observabilities-tool-tf-state-gis" - prefix = "terraform/state" - } -} diff --git a/terraform/data.tf b/terraform/data.tf deleted file mode 100644 index 2a39b547..00000000 --- a/terraform/data.tf +++ /dev/null @@ -1 +0,0 @@ -data "google_client_config" "default" {} diff --git a/terraform/locals.tf b/terraform/locals.tf deleted file mode 100644 index 3a79cecf..00000000 --- a/terraform/locals.tf +++ /dev/null @@ -1,14 +0,0 @@ -locals { - name = "${var.name}-${var.environment}" - project_id = var.create_project ? module.project[0].project_id : var.project_id - labels = { - owner = local.name, - environment = var.environment - } - - wazuh_domains = { - cert = { domain = "siem-cert.${var.root_domain_name}", regional = false }, - dashboard = { domain = "siem.${var.root_domain_name}", regional = false }, - manager = { domain = "siem-events.${var.root_domain_name}", regional = true } - } -} diff --git a/terraform/main.tf b/terraform/main.tf deleted file mode 100644 index 8effea26..00000000 --- a/terraform/main.tf +++ /dev/null 
@@ -1,159 +0,0 @@
-module "project_services" {
- count = var.create_project ? 0 : 1
-
- source = "terraform-google-modules/project-factory/google//modules/project_services"
- version = "~> 18.1"
-
- project_id = local.project_id
- activate_apis = var.api_enabled_services
-}
-
-module "project" {
- source = "./modules/project"
- count = var.create_project ? 1 : 0
-
- project_id = var.project_id
- region = var.region
- name = local.name
- billing_account = var.billing_account
- org_id = var.org_id
- api_enabled_services = var.api_enabled_services
- credentials = var.credentials
- labels = local.labels
- folder_id = var.folder_id
-}
-
-module "ip" {
- for_each = local.wazuh_domains
-
- source = "./modules/ip/"
-
- name = "${each.key}-${local.name}"
- region = var.region
- project_id = local.project_id
- regional = each.value.regional
-
- depends_on = [module.project, module.vpc, module.project_services]
-}
-
-module "dns" {
- source = "./modules/dns/"
-
- project_id = local.project_id
- name = local.name
- network_self_link = module.vpc.network_self_link
- root_domain_name = var.root_domain_name
- labels = local.labels
-
- records = {
- "siem" = {
- type = "A"
- ttl = 300
- records = [
- module.ip["dashboard"].address,
- ]
- }
- "siem-events" = {
- type = "A"
- ttl = 300
- records = [
- module.ip["manager"].address,
- ]
- }
- "siem-cert" = {
- type = "A"
- ttl = 300
- records = [
- module.ip["cert"].address,
- ]
- }
- }
-
- depends_on = [module.project, module.project_services]
-}
-
-module "k8s" {
- source = "./modules/k8s/"
-
- project_id = local.project_id
- name = local.name
- region = var.region
- network_name = module.vpc.network_name
- sub_network_name = module.vpc.priv_sub_network_name
-
- ip_range_pod = module.vpc.ip_range_pod
- ip_range_services = module.vpc.ip_range_services
-
- depends_on = [module.project, module.vpc, module.project_services]
-}
-
-module "vpc" {
- source = "./modules/vpc/"
-
- project_id = local.project_id
- name = local.name
- region = var.region
-
- depends_on = [module.project, module.project_services]
-}
-
-module "storage" {
- source = "./modules/storage/"
-
- project_id = local.project_id
- labels = local.labels
- name = local.name
- names = [
- "loki",
- "tempo",
- ]
-
- depends_on = [module.project, module.project_services]
-}
-
-module "gke_auth" {
- source = "terraform-google-modules/kubernetes-engine/google//modules/auth"
- version = "~> 38.0"
-
- project_id = local.project_id
- cluster_name = module.k8s.cluster_name
- location = module.k8s.cluster_location
- use_private_endpoint = false
-
- depends_on = [module.k8s.cluster_id]
-}
-
-module "monitoring" {
- source = "./modules/monitoring/"
-
- loki_bucket = module.storage.buckets_map["loki"].name
- loki_s3_access_key = module.storage.access_ids["loki"]
- loki_s3_secret_key = module.storage.secrets["loki"]
-
- tempo_bucket = module.storage.buckets_map["tempo"].name
- tempo_s3_access_key = module.storage.access_ids["tempo"]
- tempo_s3_secret_key = module.storage.secrets["tempo"]
-
- depends_on = [module.k8s, module.storage, module.dns]
-}
-
-module "wazuh" {
- source = "./modules/wazuh/"
-
- helm_chart_version = var.wazuh_helm_chart_version
- subject = var.subject
-
- openid_client_id = var.openid_client_id
- openid_client_secret = var.openid_client_secret
-
- ip_addresses = {
- for k, v in local.wazuh_domains :
- k => {
- domain = v.domain
- ip_name = module.ip[k].address_name
- ip = module.ip[k].address
- }
- }
-
- depends_on = [module.k8s, module.dns]
-}
diff --git a/terraform/modules/dns/README.md b/terraform/modules/dns/README.md
deleted file mode 100644
index dce94a31..00000000
--- a/terraform/modules/dns/README.md
+++ /dev/null
@@ -1,35 +0,0 @@
-# DNS Module
-
-
-## Requirements
-
-No requirements.
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [dns-public-zone](#module\_dns-public-zone) | terraform-google-modules/cloud-dns/google | ~> 5.0 |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [labels](#input\_labels) | Map of labels for project | `map(string)` | `{}` | no |
-| [name](#input\_name) | Deployment name | `string` | n/a | yes |
-| [network\_self\_link](#input\_network\_self\_link) | Network self link | `string` | n/a | yes |
-| [project\_id](#input\_project\_id) | Google Project ID | `string` | n/a | yes |
-| [root\_domain\_name](#input\_root\_domain\_name) | Zone domain, must end with a period. | `string` | n/a | yes |
-
-## Outputs
-
-No outputs.
-
\ No newline at end of file
diff --git a/terraform/modules/dns/locals.tf b/terraform/modules/dns/locals.tf
deleted file mode 100644
index a1bf55d2..00000000
--- a/terraform/modules/dns/locals.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-locals {
- # https://build5nines.com/using-terraform-string-replace-function-for-regex-string-replacement/
- zone_name = replace("${var.name}-zone-${var.root_domain_name}", "/[.]/", "-")
-}
\ No newline at end of file
diff --git a/terraform/modules/dns/main.tf b/terraform/modules/dns/main.tf
deleted file mode 100644
index 778ba250..00000000
--- a/terraform/modules/dns/main.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-module "dns-public-zone" {
- source = "terraform-google-modules/cloud-dns/google"
- version = "~> 6.0"
-
- project_id = var.project_id
- type = "public"
- name = local.zone_name
- domain = "${var.root_domain_name}."
- labels = var.labels
- private_visibility_config_networks = [var.network_self_link]
-
- recordsets = [
- for k, v in var.records :
- {
- name = k
- type = v.type
- ttl = v.ttl
- records = v.records
- }
- ]
-}
diff --git a/terraform/modules/dns/outputs.tf b/terraform/modules/dns/outputs.tf
deleted file mode 100644
index c27f44f2..00000000
--- a/terraform/modules/dns/outputs.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-output "name_servers" {
- value = module.dns-public-zone.name_servers
- description = "The Zone NS"
-}
-
-output "zone_name" {
- description = "Name of the managed Cloud DNS zone."
- value = local.zone_name
-}
diff --git a/terraform/modules/dns/variables.tf b/terraform/modules/dns/variables.tf
deleted file mode 100644
index e01e3f4c..00000000
--- a/terraform/modules/dns/variables.tf
+++ /dev/null
@@ -1,35 +0,0 @@
-variable "root_domain_name" {
- description = "Zone domain, must end with a period."
- type = string
-}
-
-variable "project_id" {
- type = string
- description = "Google Project ID"
-}
-
-variable "network_self_link" {
- type = string
- description = "Network self link"
-}
-
-variable "name" {
- type = string
- description = "Deployment name"
-}
-
-variable "labels" {
- description = "Map of labels for project"
- type = map(string)
- default = {}
-}
-
-variable "records" {
- description = "Map of records for dns"
- type = map(object({
- type = string
- ttl = number
- records = list(string)
- }))
- default = {}
-}
diff --git a/terraform/modules/ip/local.tf b/terraform/modules/ip/local.tf
deleted file mode 100644
index 8abdcf49..00000000
--- a/terraform/modules/ip/local.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-locals {
- name = "${var.name}-ip"
-}
diff --git a/terraform/modules/ip/main.tf b/terraform/modules/ip/main.tf
deleted file mode 100644
index 718fdc3d..00000000
--- a/terraform/modules/ip/main.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-resource "google_compute_address" "default" {
- count = var.regional ? 1 : 0
- name = local.name
- region = var.region
- project = var.project_id
- address_type = "EXTERNAL"
-}
-
-resource "google_compute_global_address" "default" {
- count = var.regional ? 0 : 1
- name = local.name
- project = var.project_id
- address_type = "EXTERNAL"
-}
\ No newline at end of file
diff --git a/terraform/modules/ip/outputs.tf b/terraform/modules/ip/outputs.tf
deleted file mode 100644
index 638ea172..00000000
--- a/terraform/modules/ip/outputs.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-output "address" {
- value = coalesce(try(google_compute_global_address.default[0].address, null), try(google_compute_address.default[0].address, null))
- description = "IP Address"
-}
-
-output "address_name" {
- value = local.name
- description = "IP Address name"
-}
diff --git a/terraform/modules/ip/variables.tf b/terraform/modules/ip/variables.tf
deleted file mode 100644
index 6a044624..00000000
--- a/terraform/modules/ip/variables.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-variable "name" {
- type = string
- description = "Deployment name"
-}
-
-variable "region" {
- type = string
- description = "The region where to deploy resources"
-}
-
-variable "regional" {
- type = bool
-}
-
-variable "project_id" {
- type = string
- description = "Google Project ID"
-}
diff --git a/terraform/modules/k8s/README.md b/terraform/modules/k8s/README.md
deleted file mode 100644
index a8559632..00000000
--- a/terraform/modules/k8s/README.md
+++ /dev/null
@@ -1,42 +0,0 @@
-# K8s Module
-
-
-## Requirements
-
-No requirements.
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [gke](#module\_gke) | terraform-google-modules/kubernetes-engine/google | ~> 36.0 |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [deletion\_protection](#input\_deletion\_protection) | n/a | `bool` | n/a | yes |
-| [labels](#input\_labels) | Map of labels for project | `map(string)` | `{}` | no |
-| [machine\_type](#input\_machine\_type) | Machine type | `string` | n/a | yes |
-| [name](#input\_name) | Deployment name | `string` | n/a | yes |
-| [network\_name](#input\_network\_name) | n/a | `string` | n/a | yes |
-| [project\_id](#input\_project\_id) | The ID of the project where this GKE will be created | `string` | n/a | yes |
-| [region](#input\_region) | The region where to deploy resources | `string` | n/a | yes |
-| [sub\_network\_name](#input\_sub\_network\_name) | n/a | `string` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [cluster\_ca](#output\_cluster\_ca) | n/a |
-| [cluster\_endpoint](#output\_cluster\_endpoint) | n/a |
-| [name](#output\_name) | n/a |
-
\ No newline at end of file
diff --git a/terraform/modules/k8s/locals.tf b/terraform/modules/k8s/locals.tf
deleted file mode 100644
index 0d91bb89..00000000
--- a/terraform/modules/k8s/locals.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-locals {
- name = "${var.name}-cluster"
-}
\ No newline at end of file
diff --git a/terraform/modules/k8s/main.tf b/terraform/modules/k8s/main.tf
deleted file mode 100644
index 660fe894..00000000
--- a/terraform/modules/k8s/main.tf
+++ /dev/null
@@ -1,35 +0,0 @@
-module "gke" {
- source = "terraform-google-modules/kubernetes-engine/google//modules/gke-autopilot-cluster"
- version = "~> 38.0"
-
- project = var.project_id
- name = local.name
- location = var.region
- network = var.network_name
- subnetwork = var.sub_network_name
-
- deletion_protection = false
-
- ip_allocation_policy = {
- cluster_secondary_range_name = var.ip_range_pod
- services_secondary_range_name = var.ip_range_services
- }
-
- private_cluster_config = {
- enable_private_nodes = true
- enable_private_endpoint = false
- master_global_access_config = {
- enabled = true
- }
- }
-
- addons_config = {
- gcp_filestore_csi_driver_config = {
- enabled = true
- }
- }
-
- confidential_nodes = {
- enabled = false
- }
-}
diff --git a/terraform/modules/k8s/outputs.tf b/terraform/modules/k8s/outputs.tf
deleted file mode 100644
index 29e8332d..00000000
--- a/terraform/modules/k8s/outputs.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-output "cluster_name" {
- value = module.gke.cluster_name
-}
-
-output "cluster_location" {
- value = module.gke.location
- description = "K8s Cluster location"
-}
-
-output "cluster_id" {
- value = module.gke.cluster_id
-}
\ No newline at end of file
diff --git a/terraform/modules/k8s/variables.tf b/terraform/modules/k8s/variables.tf
deleted file mode 100644
index 55760ed8..00000000
--- a/terraform/modules/k8s/variables.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-variable "project_id" {
- type = string
- description = "The ID of the project where this GKE will be created"
-}
-
-variable "region" {
- type = string
- description = "The region where to deploy resources"
-}
-
-variable "name" {
- type = string
- description = "Deployment name"
-}
-
-variable "network_name" {
- type = string
-}
-
-variable "sub_network_name" {
- type = string
-}
-
-variable "ip_range_pod" {
- type = string
-}
-
-variable "ip_range_services" {
- type = string
-}
diff --git a/terraform/modules/monitoring/README.md b/terraform/modules/monitoring/README.md
deleted file mode 100644
index 96f5a4a9..00000000
--- a/terraform/modules/monitoring/README.md
+++ /dev/null
@@ -1,61 +0,0 @@
-# Helm Module
-
-
-## Requirements
-
-No requirements.
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [gis\_application\_release](#module\_gis\_application\_release) | blackbird-cloud/deployment/helm | ~> 1.0 |
-| [gis\_sschool\_release](#module\_gis\_sschool\_release) | blackbird-cloud/deployment/helm | ~> 1.0 |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [cluster\_name](#input\_cluster\_name) | Cluster name | `string` | n/a | yes |
-| [db\_host](#input\_db\_host) | DB host | `string` | n/a | yes |
-| [db\_password](#input\_db\_password) | DB password | `string` | n/a | yes |
-| [db\_username](#input\_db\_username) | DB username | `string` | n/a | yes |
-| [gis\_application\_auth\_secret](#input\_gis\_application\_auth\_secret) | GIS Application auth secret | `string` | n/a | yes |
-| [gis\_application\_bucket](#input\_gis\_application\_bucket) | GIS Application bucket name | `string` | n/a | yes |
-| [gis\_application\_chart\_version](#input\_gis\_application\_chart\_version) | GIS Application Helm chart version | `string` | n/a | yes |
-| [gis\_application\_dns](#input\_gis\_application\_dns) | GIS Application DNS | `string` | n/a | yes |
-| [gis\_application\_oauth\_client\_id](#input\_gis\_application\_oauth\_client\_id) | GIS Application OAuth client ID | `string` | n/a | yes |
-| [gis\_application\_oauth\_client\_secret](#input\_gis\_application\_oauth\_client\_secret) | GIS Application OAuth client secret | `string` | n/a | yes |
-| [gis\_application\_s3\_access\_key](#input\_gis\_application\_s3\_access\_key) | GIS Application S3 access key | `string` | n/a | yes |
-| [gis\_application\_s3\_secret\_key](#input\_gis\_application\_s3\_secret\_key) | GIS Application S3 secret key | `string` | n/a | yes |
-| [labels](#input\_labels) | Map of labels for project | `map(string)` | `{}` | no |
-| [name](#input\_name) | Deployment name | `string` | n/a | yes |
-| [openai\_key](#input\_openai\_key) | OpenAI provider key | `string` | n/a | yes |
-| [openai\_url](#input\_openai\_url) | OpenAI provider url | `string` | n/a | yes |
-| [project\_id](#input\_project\_id) | Google Project ID | `string` | n/a | yes |
-| [redis\_host](#input\_redis\_host) | Redis host | `string` | n/a | yes |
-| [redis\_port](#input\_redis\_port) | Redis port | `string` | n/a | yes |
-| [region](#input\_region) | Google Region | `string` | n/a | yes |
-| [repository\_password](#input\_repository\_password) | Helm repository password | `string` | n/a | yes |
-| [repository\_username](#input\_repository\_username) | Helm repository username | `string` | n/a | yes |
-| [sschool\_auth\_secret](#input\_sschool\_auth\_secret) | SSchool auth secret | `string` | n/a | yes |
-| [sschool\_bucket](#input\_sschool\_bucket) | SSchool bucket name | `string` | n/a | yes |
-| [sschool\_chart\_version](#input\_sschool\_chart\_version) | SSchool Helm chart version | `string` | n/a | yes |
-| [sschool\_dns](#input\_sschool\_dns) | SSchool DNS | `string` | n/a | yes |
-| [sschool\_oauth\_client\_id](#input\_sschool\_oauth\_client\_id) | SSchool OAuth client ID | `string` | n/a | yes |
-| [sschool\_oauth\_client\_secret](#input\_sschool\_oauth\_client\_secret) | SSchool OAuth client secret | `string` | n/a | yes |
-| [sschool\_s3\_access\_key](#input\_sschool\_s3\_access\_key) | SSchool S3 access key | `string` | n/a | yes |
-| [sschool\_s3\_secret\_key](#input\_sschool\_s3\_secret\_key) | SSchool S3 secret key | `string` | n/a | yes |
-
-## Outputs
-
-No outputs.
-
\ No newline at end of file
diff --git a/terraform/modules/monitoring/files/monitoring-secrets.values.yaml b/terraform/modules/monitoring/files/monitoring-secrets.values.yaml
deleted file mode 100644
index b9650260..00000000
--- a/terraform/modules/monitoring/files/monitoring-secrets.values.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-resources:
- - apiVersion: v1
- kind: ConfigMap
- metadata:
- name: loki-s3
- namespace: ${ns_monitoring}
- type: kubernetes.io/basic-auth
- data:
- bucket: ${loki_bucket}
-
- - apiVersion: v1
- kind: Secret
- metadata:
- name: loki-s3-credentials
- namespace: ${ns_monitoring}
- type: kubernetes.io/basic-auth
- stringData:
- username: ${loki_s3_access_key}
- password: ${loki_s3_secret_key}
-
- - apiVersion: v1
- kind: ConfigMap
- metadata:
- name: tempo-s3
- namespace: ${ns_monitoring}
- type: kubernetes.io/basic-auth
- data:
- bucket: ${tempo_bucket}
-
- - apiVersion: v1
- kind: Secret
- metadata:
- name: tempo-s3-credentials
- namespace: ${ns_monitoring}
- type: kubernetes.io/basic-auth
- stringData:
- username: ${tempo_s3_access_key}
- password: ${tempo_s3_secret_key}
diff --git a/terraform/modules/monitoring/main.tf b/terraform/modules/monitoring/main.tf
deleted file mode 100644
index 1c7313b3..00000000
--- a/terraform/modules/monitoring/main.tf
+++ /dev/null
@@ -1,33 +0,0 @@
-module "monitoring-secrets" {
- source = "blackbird-cloud/deployment/helm"
- version = "~> 1.0"
-
- name = "monitoring-secrets"
- namespace = kubernetes_namespace.monitoring_namespace.metadata[0].name
- create_namespace = false
-
- repository = "https://bedag.github.io/helm-charts"
- chart = "raw"
- chart_version = "2.0.0"
-
- values = [
- templatefile("${path.module}/files/monitoring-secrets.values.yaml", {
- loki_bucket = var.loki_bucket
- loki_s3_access_key = var.loki_s3_access_key
- loki_s3_secret_key = var.loki_s3_secret_key
- tempo_bucket = var.tempo_bucket
- tempo_s3_access_key = var.tempo_s3_access_key
- tempo_s3_secret_key = var.tempo_s3_secret_key
- ns_monitoring = kubernetes_namespace.monitoring_namespace.metadata[0].name
- })
- ]
-
- cleanup_on_fail = false
- wait = false
-}
-
-resource "kubernetes_namespace" "monitoring_namespace" {
- metadata {
- name = "monitoring"
- }
-}
diff --git a/terraform/modules/monitoring/variables.tf b/terraform/modules/monitoring/variables.tf
deleted file mode 100644
index 8e33714a..00000000
--- a/terraform/modules/monitoring/variables.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-####
-
-variable "loki_bucket" {
- type = string
-}
-
-variable "loki_s3_access_key" {
- type = string
- sensitive = true
-}
-
-variable "loki_s3_secret_key" {
- type = string
- sensitive = true
-}
-
-####
-
-variable "tempo_bucket" {
- type = string
-}
-
-variable "tempo_s3_access_key" {
- type = string
- sensitive = true
-}
-
-variable "tempo_s3_secret_key" {
- type = string
- sensitive = true
-}
-
diff --git a/terraform/modules/project/README.md b/terraform/modules/project/README.md
deleted file mode 100644
index dbc112a9..00000000
--- a/terraform/modules/project/README.md
+++ /dev/null
@@ -1,43 +0,0 @@
-# Project Module
-
-
-## Requirements
-
-No requirements.
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [gis](#module\_gis) | terraform-google-modules/project-factory/google | ~> 18.0 |
-| [mighty\_role](#module\_mighty\_role) | terraform-google-modules/iam/google//modules/custom_role_iam | ~> 8.0 |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [api\_enabled\_services](#input\_api\_enabled\_services) | The list of apis necessary for the project | `list(string)` | `[]` | no |
-| [billing\_account](#input\_billing\_account) | Billing account assign to project | `string` | n/a | yes |
-| [credentials](#input\_credentials) | n/a | `string` | n/a | yes |
-| [folder\_id](#input\_folder\_id) | Folder ID | `string` | `null` | no |
-| [iam\_principals](#input\_iam\_principals) | List of role (key) names to grant permissions to | `list(string)` | n/a | yes |
-| [labels](#input\_labels) | Map of labels for project | `map(string)` | `{}` | no |
-| [name](#input\_name) | Project Name | `string` | n/a | yes |
-| [org\_id](#input\_org\_id) | Project Name | `string` | `null` | no |
-| [project\_id](#input\_project\_id) | Unique project ID | `string` | `null` | no |
-| [region](#input\_region) | Project region | `string` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [project\_id](#output\_project\_id) | n/a |
-
\ No newline at end of file
diff --git a/terraform/modules/project/main.tf b/terraform/modules/project/main.tf
deleted file mode 100644
index 0af559e7..00000000
--- a/terraform/modules/project/main.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-module "gis" {
- source = "terraform-google-modules/project-factory/google"
- version = "~> 18.0"
-
- name = var.name
- random_project_id = var.project_id == ""
- project_id = var.project_id
- org_id = var.org_id
- billing_account = var.billing_account
- default_service_account = "keep"
- folder_id = var.folder_id
- activate_apis = var.api_enabled_services
-
- deletion_policy = "DELETE"
-
- labels = var.labels
-}
\ No newline at end of file
diff --git a/terraform/modules/project/output.tf b/terraform/modules/project/output.tf
deleted file mode 100644
index c16fe349..00000000
--- a/terraform/modules/project/output.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-output "project_id" {
- value = module.gis.project_id
-}
diff --git a/terraform/modules/project/variables.tf b/terraform/modules/project/variables.tf
deleted file mode 100644
index cd67219e..00000000
--- a/terraform/modules/project/variables.tf
+++ /dev/null
@@ -1,50 +0,0 @@
-variable "name" {
- description = "Project Name"
- type = string
-}
-
-variable "region" {
- description = "Project region"
- type = string
-}
-
-variable "credentials" {
- type = string
- sensitive = true
-}
-
-variable "org_id" {
- description = "Project Name"
- type = string
- default = null
-}
-
-variable "project_id" {
- description = "Unique project ID"
- type = string
- default = null
-}
-
-variable "folder_id" {
- description = "Folder ID"
- type = string
- default = null
-}
-
-variable "billing_account" {
- description = "Billing account assign to project"
- type = string
- sensitive = true
-}
-
-variable "api_enabled_services" {
- description ="The list of apis necessary for the project"
- type = list(string)
- default = []
-}
-
-variable "labels" {
- description = "Map of labels for project"
- type = map(string)
- default = {}
-}
\ No newline at end of file
diff --git a/terraform/modules/storage/README.md b/terraform/modules/storage/README.md
deleted file mode 100644
index 9178877d..00000000
--- a/terraform/modules/storage/README.md
+++ /dev/null
@@ -1,37 +0,0 @@
-
-## Requirements
-
-No requirements.
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [gcs\_buckets](#module\_gcs\_buckets) | terraform-google-modules/cloud-storage/google | ~> 10.0 |
-| [service\_accounts](#module\_service\_accounts) | terraform-google-modules/service-accounts/google | ~> 4.0 |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [labels](#input\_labels) | Map of labels for project | `map(string)` | `{}` | no |
-| [name](#input\_name) | n/a | `string` | n/a | yes |
-| [names](#input\_names) | List of names for the project | `list(string)` | n/a | yes |
-| [project\_id](#input\_project\_id) | Google Project ID | `string` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [access\_ids](#output\_access\_ids) | n/a |
-| [buckets\_map](#output\_buckets\_map) | n/a |
-| [secrets](#output\_secrets) | n/a |
-
\ No newline at end of file
diff --git a/terraform/modules/storage/locals.tf b/terraform/modules/storage/locals.tf
deleted file mode 100644
index 31cba424..00000000
--- a/terraform/modules/storage/locals.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-locals {
- name = "${var.project_id}-storage"
-}
\ No newline at end of file
diff --git a/terraform/modules/storage/main.tf b/terraform/modules/storage/main.tf
deleted file mode 100644
index 686bed79..00000000
--- a/terraform/modules/storage/main.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-module "gcs_buckets" {
- source = "terraform-google-modules/cloud-storage/google"
- version = "~> 10.0"
- project_id = var.project_id
- names = var.names
- prefix = local.name
-
- labels = var.labels
- set_hmac_access = true
- hmac_service_accounts = {
- for key in module.service_accounts.emails_list : key => "ACTIVE"
- }
-}
-
-module "service_accounts" {
- source = "terraform-google-modules/service-accounts/google"
- version = "~> 4.0"
- project_id = var.project_id
- prefix = var.name
- names = var.names
- project_roles = [
- "${var.project_id}=>roles/viewer",
- "${var.project_id}=>roles/storage.admin",
- ]
-}
\ No newline at end of file
diff --git a/terraform/modules/storage/output.tf b/terraform/modules/storage/output.tf
deleted file mode 100644
index 01676550..00000000
--- a/terraform/modules/storage/output.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-output "buckets_map" {
- value = module.gcs_buckets.buckets_map
-}
-
-output "access_ids" {
- value = {
- for idx, name in var.names :name =>
- module.gcs_buckets.hmac_keys[0][module.service_accounts.service_accounts_map[name].email].access_id
- }
-}
-
-output "secrets" {
- value = {
- for idx, name in var.names :name =>
- module.gcs_buckets.hmac_keys[0][module.service_accounts.service_accounts_map[name].email].secret
- }
-}
\ No newline at end of file
diff --git a/terraform/modules/storage/variables.tf b/terraform/modules/storage/variables.tf
deleted file mode 100644
index d32ef2f9..00000000
--- a/terraform/modules/storage/variables.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-variable "project_id" {
- type = string
- description = "Google Project ID"
-}
-
-variable "name" {
- type = string
-}
-
-variable "labels" {
- description = "Map of labels for project"
- type = map(string)
- default = {}
-}
-
-variable "names" {
- type = list(string)
- description = "List of names for the project"
-}
\ No newline at end of file
diff --git a/terraform/modules/vpc/README.md b/terraform/modules/vpc/README.md
deleted file mode 100644
index 5354ded4..00000000
--- a/terraform/modules/vpc/README.md
+++ /dev/null
@@ -1,41 +0,0 @@
-# VPC Module
-
-
-## Requirements
-
-No requirements.
-
-## Providers
-
-No providers.
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [private-service-access](#module\_private-service-access) | terraform-google-modules/sql-db/google//modules/private_service_access | ~> 25.0 |
-| [vpc](#module\_vpc) | terraform-google-modules/network/google | ~> 10.0 |
-
-## Resources
-
-No resources.
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [labels](#input\_labels) | Map of labels for project | `map(string)` | `{}` | no |
-| [name](#input\_name) | The name of the project where this VPC will be created | `string` | n/a | yes |
-| [project\_id](#input\_project\_id) | The ID of the project where this VPC will be created | `string` | n/a | yes |
-| [region](#input\_region) | The region where to deploy resources | `string` | n/a | yes |
-| [vpc\_cidr](#input\_vpc\_cidr) | The CIDR block for the VPC | `string` | `"43.21.0.0/17"` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [network\_id](#output\_network\_id) | n/a |
-| [network\_name](#output\_network\_name) | n/a |
-| [network\_self\_link](#output\_network\_self\_link) | n/a |
-| [sub\_network\_names](#output\_sub\_network\_names) | n/a |
-
\ No newline at end of file
diff --git a/terraform/modules/vpc/locals.tf b/terraform/modules/vpc/locals.tf
deleted file mode 100644
index 095b769b..00000000
--- a/terraform/modules/vpc/locals.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-locals {
- name = "${var.name}-vpc"
- router_name = "${var.name}-router"
- nat_name = "${var.name}-nat"
- pub_sub_network_name = "${local.name}-subnet-01"
- priv_sub_network_name = "${local.name}-subnet-02"
-
- ip_range_name_pod = "${local.name}-ip-range-pods"
- ip_range_name_services = "${local.name}-ip-range-services"
-}
diff --git a/terraform/modules/vpc/main.tf b/terraform/modules/vpc/main.tf
deleted file mode 100644
index c3c49e6c..00000000
--- a/terraform/modules/vpc/main.tf
+++ /dev/null
@@ -1,66 +0,0 @@
-module "vpc" {
- source = "terraform-google-modules/network/google"
- version = "~> 12.0"
-
- project_id = var.project_id
- network_name = local.name
- routing_mode = "GLOBAL"
-
- subnets = [
- {
- subnet_name = local.pub_sub_network_name
- subnet_ip = "10.10.0.0/18"
- subnet_region = var.region
- auto_upgrade = true
- auto_repair = true
- },
- {
- subnet_name = local.priv_sub_network_name
- subnet_ip = "10.10.64.0/18"
- subnet_region = var.region
- subnet_private_access = true
- auto_upgrade = true
- auto_repair = true
- },
- ]
-
- secondary_ranges = {
- (local.pub_sub_network_name) = [
- {
- range_name = "ip-range-pods"
- ip_cidr_range = "10.11.0.0/18"
- },
- {
- range_name = "ip-range-services"
- ip_cidr_range = "10.11.64.0/18"
- },
- ],
- (local.priv_sub_network_name) = [
- {
- range_name = local.ip_range_name_pod
- ip_cidr_range = "10.23.0.0/18"
- },
- {
- range_name = local.ip_range_name_services
- ip_cidr_range = "10.23.64.0/18"
- },
- ]
- }
-
- auto_create_subnetworks = false
-}
-
-module "cloud_router" {
- source = "terraform-google-modules/cloud-router/google"
- version = "~> 7.0"
-
- name = local.router_name
- project = var.project_id
- network = module.vpc.network_name
- region = var.region
-
- nats = [{
- name = local.nat_name
- source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
- }]
-}
diff --git a/terraform/modules/vpc/outputs.tf b/terraform/modules/vpc/outputs.tf
deleted file mode 100644
index bf7916c2..00000000
--- a/terraform/modules/vpc/outputs.tf
+++ /dev/null
@@ -1,35 +0,0 @@
-output "network_id" {
- value = module.vpc.network_id
-}
-
-output "network_name" {
- value = module.vpc.network_name
-}
-
-output "subnets_ips" {
- value = module.vpc.subnets_ips
-}
-
-output "pub_sub_network_name" {
- value = local.pub_sub_network_name
-}
-
-output "priv_sub_network_name" {
- value = local.priv_sub_network_name
-}
-
-output "network_self_link" {
- value = module.vpc.network_self_link
-}
-
-output "subnets" {
- value = module.vpc.subnets
-}
-
-output "ip_range_pod" {
- value = local.ip_range_name_pod
-}
-
-output "ip_range_services" {
- value = local.ip_range_name_services
-}
\ No newline at end of file
diff --git a/terraform/modules/vpc/variables.tf b/terraform/modules/vpc/variables.tf
deleted file mode 100644
index 2f8eb9fc..00000000
--- a/terraform/modules/vpc/variables.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-variable "project_id" {
- type = string
- description = "The ID of the project where this VPC will be created"
-}
-
-variable "region" {
- type = string
- description = "The region where to deploy resources"
-}
-
-variable "name" {
- type = string
- description = "The name of the project where this VPC will be created"
-}
diff --git a/terraform/modules/wazuh/README.md b/terraform/modules/wazuh/README.md
deleted file mode 100644
index 96f5a4a9..00000000
--- a/terraform/modules/wazuh/README.md
+++ /dev/null
@@ -1,61 +0,0 @@ -# Helm Module - - -## Requirements - -No requirements. - -## Providers - -No providers. - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [gis\_application\_release](#module\_gis\_application\_release) | blackbird-cloud/deployment/helm | ~> 1.0 | -| [gis\_sschool\_release](#module\_gis\_sschool\_release) | blackbird-cloud/deployment/helm | ~> 1.0 | - -## Resources - -No resources. - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [cluster\_name](#input\_cluster\_name) | Cluster name | `string` | n/a | yes | -| [db\_host](#input\_db\_host) | DB host | `string` | n/a | yes | -| [db\_password](#input\_db\_password) | DB password | `string` | n/a | yes | -| [db\_username](#input\_db\_username) | DB username | `string` | n/a | yes | -| [gis\_application\_auth\_secret](#input\_gis\_application\_auth\_secret) | GIS Application auth secret | `string` | n/a | yes | -| [gis\_application\_bucket](#input\_gis\_application\_bucket) | GIS Application bucket name | `string` | n/a | yes | -| [gis\_application\_chart\_version](#input\_gis\_application\_chart\_version) | GIS Application Helm chart version | `string` | n/a | yes | -| [gis\_application\_dns](#input\_gis\_application\_dns) | GIS Application DNS | `string` | n/a | yes | -| [gis\_application\_oauth\_client\_id](#input\_gis\_application\_oauth\_client\_id) | GIS Application OAuth client ID | `string` | n/a | yes | -| [gis\_application\_oauth\_client\_secret](#input\_gis\_application\_oauth\_client\_secret) | GIS Application OAuth client secret | `string` | n/a | yes | -| [gis\_application\_s3\_access\_key](#input\_gis\_application\_s3\_access\_key) | GIS Application S3 access key | `string` | n/a | yes | -| [gis\_application\_s3\_secret\_key](#input\_gis\_application\_s3\_secret\_key) | GIS Application S3 secret key | `string` | n/a | yes | -| [labels](#input\_labels) | Map of labels for project | 
`map(string)` | `{}` | no | -| [name](#input\_name) | Deployment name | `string` | n/a | yes | -| [openai\_key](#input\_openai\_key) | OpenAI provider key | `string` | n/a | yes | -| [openai\_url](#input\_openai\_url) | OpenAI provider url | `string` | n/a | yes | -| [project\_id](#input\_project\_id) | Google Project ID | `string` | n/a | yes | -| [redis\_host](#input\_redis\_host) | Redis host | `string` | n/a | yes | -| [redis\_port](#input\_redis\_port) | Redis port | `string` | n/a | yes | -| [region](#input\_region) | Google Region | `string` | n/a | yes | -| [repository\_password](#input\_repository\_password) | Helm repository password | `string` | n/a | yes | -| [repository\_username](#input\_repository\_username) | Helm repository username | `string` | n/a | yes | -| [sschool\_auth\_secret](#input\_sschool\_auth\_secret) | SSchool auth secret | `string` | n/a | yes | -| [sschool\_bucket](#input\_sschool\_bucket) | SSchool bucket name | `string` | n/a | yes | -| [sschool\_chart\_version](#input\_sschool\_chart\_version) | SSchool Helm chart version | `string` | n/a | yes | -| [sschool\_dns](#input\_sschool\_dns) | SSchool DNS | `string` | n/a | yes | -| [sschool\_oauth\_client\_id](#input\_sschool\_oauth\_client\_id) | SSchool OAuth client ID | `string` | n/a | yes | -| [sschool\_oauth\_client\_secret](#input\_sschool\_oauth\_client\_secret) | SSchool OAuth client secret | `string` | n/a | yes | -| [sschool\_s3\_access\_key](#input\_sschool\_s3\_access\_key) | SSchool S3 access key | `string` | n/a | yes | -| [sschool\_s3\_secret\_key](#input\_sschool\_s3\_secret\_key) | SSchool S3 secret key | `string` | n/a | yes | - -## Outputs - -No outputs. - \ No newline at end of file diff --git a/terraform/modules/wazuh/cert-auth.tf b/terraform/modules/wazuh/cert-auth.tf deleted file mode 100644 index feb923e3..00000000 --- a/terraform/modules/wazuh/cert-auth.tf +++ /dev/null 
@@ -1,60 +0,0 @@
-resource "helm_release" "wazuh-cert-server" {
- count = 1
-
- name = "wazuh-cert-server"
- namespace = kubernetes_namespace.wazuh_namespace.metadata[0].name
- create_namespace = false
-
- repository = "https://adorsys-gis.github.io/wazuh-cert-oauth2"
- chart = "wazuh-cert-server"
- version = "0.2.25"
-
- values = [
- file("${path.module}/files/.wazuh-cert-oauth2/charts/wazuh-cert-server/values-pvc.yaml"),
- templatefile("${path.module}/files/cert.values.yaml", {
- cert_domain = var.ip_addresses.cert.domain
- cert_certificate_name = local.cert_certificate_name
- cert_name = var.ip_addresses.cert.ip_name
- openid_connect_url = var.openid_connect_url
- })
- ]
-
- set {
- name = "cert.persistence.certs.name"
- value = local.root_secret_name
- }
-
- cleanup_on_fail = false
- wait = false
-
- depends_on = [kubernetes_namespace.wazuh_namespace]
-}
-
-resource "helm_release" "wazuh-cert-webhook" {
- count = 1
-
- name = "wazuh-cert-webhook"
- namespace = kubernetes_namespace.wazuh_namespace.metadata[0].name
- create_namespace = false
-
- repository = "https://adorsys-gis.github.io/wazuh-cert-oauth2"
- chart = "wazuh-cert-webhook"
- version = "0.2.27"
-
- values = [
- file("${path.module}/files/.wazuh-cert-oauth2/charts/wazuh-cert-webhook/values-pvc.yaml"),
- templatefile("${path.module}/files/cert-webhook.values.yaml", {
- openid_connect_url = var.openid_connect_url
- })
- ]
-
- set {
- name = "cert.persistence.certs.name"
- value = local.root_secret_name
- }
-
- cleanup_on_fail = false
- wait = false
-
- depends_on = [kubernetes_namespace.wazuh_namespace]
-}
diff --git a/terraform/modules/wazuh/deps.tf b/terraform/modules/wazuh/deps.tf
deleted file mode 100644
index 02e6e765..00000000
--- a/terraform/modules/wazuh/deps.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-resource "helm_release" "other_resources" {
- count = 1
- name = "other-resources"
- namespace = kubernetes_namespace.wazuh_namespace.metadata[0].name
- create_namespace = false
-
- repository = "https://bedag.github.io/helm-charts"
- chart = "raw"
- version = "2.0.0"
-
- values = [templatefile("${path.module}/files/resources.yaml", {
- ns = kubernetes_namespace.wazuh_namespace.metadata[0].name
- dashboard_certificate_name = local.dashboard_certificate_name
- dashboard_domain = var.ip_addresses.dashboard.domain
- manager_certificate_name = local.manager_certificate_name
- manager_domain = var.ip_addresses.manager.domain
- cert_certificate_name = local.cert_certificate_name
- cert_domain = var.ip_addresses.cert.domain
- })]
-
- cleanup_on_fail = false
- wait = false
-}
diff --git a/terraform/modules/wazuh/files/.wazuh-cert-oauth2 b/terraform/modules/wazuh/files/.wazuh-cert-oauth2
deleted file mode 160000
index 7a40e716..00000000
--- a/terraform/modules/wazuh/files/.wazuh-cert-oauth2
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 7a40e716057f9b3310b24bce4a9d642347f0840c
diff --git a/terraform/modules/wazuh/files/.wazuh-helm b/terraform/modules/wazuh/files/.wazuh-helm
deleted file mode 160000
index 3a69e4b0..00000000
--- a/terraform/modules/wazuh/files/.wazuh-helm
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 3a69e4b0b4459cdeff117554c639c4a2f9377a39
diff --git a/terraform/modules/wazuh/files/cert-webhook.values.yaml b/terraform/modules/wazuh/files/cert-webhook.values.yaml
deleted file mode 100644
index 2d2b4a84..00000000
--- a/terraform/modules/wazuh/files/cert-webhook.values.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-global:
- version: "main8935cb277d12a2b9cdffab857f99fefb5b1c09dc"
-webhook:
- persistence:
- data:
- size: 1Gi
- storageClass: "wazuh-rwx"
-
- controllers:
- app:
- initContainers:
- permission-fix:
- resources:
- requests:
- cpu: null
- memory: null
- limits:
- cpu: null
- memory: null
- containers:
- app:
- resources:
- requests:
- cpu: null
- memory: null
- limits:
- cpu: null
- memory: null
-
- env:
- SERVER_BASE_URL: 'http://wazuh-cert-server:8000'
- RUST_LOG: 'warn'
- OAUTH_ISSUER: '${openid_connect_url}'
-
- # TODO One of these is required
- OAUTH_CLIENT_ID: ""
- OAUTH_CLIENT_SECRET: ""
- WEBHOOK_BASIC_USER: ""
- WEBHOOK_BASIC_PASSWORD: ""
\ No newline at end of file
diff --git a/terraform/modules/wazuh/files/cert.values.yaml b/terraform/modules/wazuh/files/cert.values.yaml
deleted file mode 100644
index 528b1df2..00000000
--- a/terraform/modules/wazuh/files/cert.values.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-global:
- domain: "${cert_domain}"
- version: "main02d369668ca611feadd5d094ef4f587501977a3f"
-cert:
- controllers:
- main:
- initContainers:
- permission-fix:
- resources:
- requests:
- cpu: null
- memory: null
- limits:
- cpu: null
- memory: null
- ensure-ledger-csv:
- enabled: true # toggle this, as normally the permission-fix should run first
- resources:
- requests:
- cpu: null
- memory: null
- limits:
- cpu: null
- memory: null
- containers:
- main:
- resources:
- requests:
- cpu: null
- memory: null
- limits:
- cpu: null
- memory: null
-
- env:
- RUST_LOG: 'warn'
- OAUTH_ISSUER: '${openid_connect_url}'
- service:
- main:
- annotations:
- cloud.google.com/backend-config: '{"ports":{"http":"cert-backend-config"}}'
-
- persistence:
- data:
- size: 1Gi
- storageClass: "wazuh-rwx"
-
- ingress:
- main:
- enabled: true
- className: null
- annotations:
- networking.gke.io/managed-certificates: "${cert_certificate_name}"
- kubernetes.io/ingress.global-static-ip-name: "${cert_name}"
\ No newline at end of file
diff --git a/terraform/modules/wazuh/files/resources.yaml b/terraform/modules/wazuh/files/resources.yaml
deleted file mode 100644
index 6a2ebee2..00000000
--- a/terraform/modules/wazuh/files/resources.yaml
+++ /dev/null
@@ -1,93 +0,0 @@ -resources: - - apiVersion: networking.gke.io/v1 - kind: ManagedCertificate - metadata: - name: ${dashboard_certificate_name} - namespace: ${ns} - labels: - app: wazuh - spec: - domains: - - ${dashboard_domain} - - apiVersion: networking.gke.io/v1 - kind: ManagedCertificate - metadata: - name: ${manager_certificate_name} - namespace: ${ns} - labels: - app: wazuh - spec: - domains: - - ${manager_domain} - - apiVersion: networking.gke.io/v1 - kind: ManagedCertificate - metadata: - name: ${cert_certificate_name} - namespace: ${ns} - labels: - app: wazuh - spec: - domains: - - ${cert_domain} - - - apiVersion: cloud.google.com/v1 - kind: BackendConfig - metadata: - name: wazuh-dashboard-backend-config - namespace: ${ns} - spec: - healthCheck: - type: HTTPS - port: 5601 - requestPath: /api/status - timeoutSec: 5 - checkIntervalSec: 30 - healthyThreshold: 2 - unhealthyThreshold: 3 - - - apiVersion: cloud.google.com/v1 - kind: BackendConfig - metadata: - name: cert-backend-config - namespace: ${ns} - spec: - healthCheck: - type: HTTP - port: 8000 - requestPath: /health - timeoutSec: 5 - checkIntervalSec: 30 - healthyThreshold: 2 - unhealthyThreshold: 3 - - - apiVersion: apps/v1 - kind: DaemonSet - metadata: - name: max-map-count-setter - namespace: ${ns} - spec: - selector: - matchLabels: - name: max-map-count-setter - template: - metadata: - labels: - name: max-map-count-setter - spec: - # One tiny init container that sets the node kernel sysctl - initContainers: - - name: max-map-count-setter - image: docker.io/bash:5.2.21 - resources: - limits: - cpu: 100m - memory: 32Mi - securityContext: - privileged: true - runAsUser: 0 - command: [ "/usr/local/bin/bash","-e","-c","echo 262144 > /proc/sys/vm/max_map_count" ] - # Keep the pod around - containers: - - name: sleep - image: docker.io/bash:5.2.21 - command: [ "sleep","infinity" ] 
diff --git a/terraform/modules/wazuh/files/wazuh.values.yaml b/terraform/modules/wazuh/files/wazuh.values.yaml
deleted file mode 100644
index 70a8ed35..00000000
--- a/terraform/modules/wazuh/files/wazuh.values.yaml
+++ /dev/null
@@ -1,85 +0,0 @@
-global:
- domain: ${dashboard_domain}
-
-fullnameOverride: wazuh
-
-indexer:
- replicas: 2
- persistence:
- size: 100Gi
- keycloak:
- enabled: true
- openid_connect_url: "${openid_connect_url}/.well-known/openid-configuration"
- base_redirect_url: "https://{{ .Values.global.domain }}"
-
-master:
- replicaCount: 1
- persistence:
- size: 50Gi
- resources:
- limits:
- ephemeral-storage: 10Gi
- requests:
- ephemeral-storage: 10Gi
-
-worker:
- replicaCount: 2
- persistence:
- size: 50Gi
- resources:
- limits:
- ephemeral-storage: 10Gi
- requests:
- ephemeral-storage: 10Gi
-
-integration:
- jira:
- enabled: false
-
-extraVolumeConfigs:
- '{{ include "common.names.fullname" $ }}-manager-backup':
- resources:
- requests:
- storage: 10Gi
- snort-alerts:
- resources:
- requests:
- storage: 10Gi
- owasp-zap-alerts:
- resources:
- requests:
- storage: 10Gi
-
-dashboard:
- ingress:
- enabled: true
- host: "${dashboard_domain}"
- className: null
- tls:
- enabled: false
- #useSecret: true
- annotations:
- networking.gke.io/managed-certificates: "${dashboard_certificate_name}"
- kubernetes.io/ingress.global-static-ip-name: "${dashboard_name}"
- #kubernetes.io/ingress.allow-http: "false"
- branding:
- logo:
- defaultUrl: "https://wazuh-assets-bucket.s3.eu-central-1.amazonaws.com/images/favicon-dark.svg"
- mark:
- defaultUrl: "https://wazuh-assets-bucket.s3.eu-central-1.amazonaws.com/images/favicon-dark.svg"
- # darkModeUrl: ""
- loadingLogo:
- defaultUrl: "https://wazuh-assets-bucket.s3.eu-central-1.amazonaws.com/images/favicon-dark.svg"
- # darkModeUrl: ""
- faviconUrl: "https://wazuh-assets-bucket.s3.eu-central-1.amazonaws.com/images/favicon-dark.svg"
- applicationTitle: "SIEM"
- useExpandedHeader: false
-
-svcs:
- '{{ include "common.names.fullname" $ }}-ext':
- enabled: true
- loadBalancerIP: "${manager_ip}"
- '{{ include "common.names.fullname" $ }}-dashboard':
- annotations:
- cloud.google.com/backend-config: '{"ports":{"dashboard":"wazuh-dashboard-backend-config"}}'
- cloud.google.com/app-protocols: '{"dashboard":"HTTPS"}'
\ No newline at end of file
diff --git a/terraform/modules/wazuh/locals.tf b/terraform/modules/wazuh/locals.tf
deleted file mode 100644
index 0d13b56b..00000000
--- a/terraform/modules/wazuh/locals.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-locals {
- name = "wazuh"
- root_secret_name = "${local.name}-root-secret"
- dashboard_certificate_name = replace(var.ip_addresses.dashboard.domain, "/[.]/", "-")
- cert_certificate_name = replace(var.ip_addresses.cert.domain, "/[.]/", "-")
- manager_certificate_name = replace(var.ip_addresses.manager.domain, "/[.]/", "-")
-}
diff --git a/terraform/modules/wazuh/variables.tf b/terraform/modules/wazuh/variables.tf
deleted file mode 100644
index d5668fa2..00000000
--- a/terraform/modules/wazuh/variables.tf
+++ /dev/null
@@ -1,47 +0,0 @@
-variable "helm_chart_version" {
- type = string
-}
-
-variable "openid_connect_url" {
- type = string
- default = "https://login.dev.wazuh.adorsys.team/realms/test-adorsys"
-}
-
-variable "openid_client_id" {
- sensitive = true
- type = string
-}
-
-variable "openid_client_secret" {
- sensitive = true
- type = string
-}
-
-variable "subject" {
- type = object({
- country = string
- locality = string
- organization = string
- common_name = string
- })
-}
-
-variable "ip_addresses" {
- type = object({
- dashboard = object({
- domain = string
- ip_name = string
- ip = string
- })
- cert = object({
- domain = string
- ip_name = string
- ip = string
- })
- manager = object({
- domain = string
- ip_name = string
- ip = string
- })
- })
-}
diff --git a/terraform/modules/wazuh/wazuh.tf b/terraform/modules/wazuh/wazuh.tf
deleted file mode 100644
index 40b701cd..00000000
--- a/terraform/modules/wazuh/wazuh.tf
+++ /dev/null
@@ -1,113 +0,0 @@
-resource "helm_release" "wazuh" {
- count = 1
-
- name = "wazuh-release"
- namespace = kubernetes_namespace.wazuh_namespace.metadata[0].name
- create_namespace = false
-
- repository = "https://adorsys-gis.github.io/wazuh-helm"
- chart = "wazuh-helm"
- version = var.helm_chart_version
-
- values = [
- file("${path.module}/files/.wazuh-helm/charts/wazuh/values-high-ressources.yaml"),
- file("${path.module}/files/.wazuh-helm/charts/wazuh/values-gke.yaml"),
- file("${path.module}/files/.wazuh-helm/charts/wazuh/values-gke-pv.yaml"),
- file("${path.module}/files/.wazuh-helm/charts/wazuh/values-gke-svc.yaml"),
- file("${path.module}/files/.wazuh-helm/charts/wazuh/values-gke-autopilot.yaml"),
- file("${path.module}/files/.wazuh-helm/charts/wazuh/values-permission-fix.yaml"),
- templatefile("${path.module}/files/wazuh.values.yaml", {
- dashboard_domain = var.ip_addresses.dashboard.domain
- dashboard_certificate_name = local.dashboard_certificate_name
- dashboard_name = var.ip_addresses.dashboard.ip_name
- dashboard_ip = var.ip_addresses.dashboard.ip
-
- manager_domain = var.ip_addresses.manager.domain
- manager_certificate_name = local.manager_certificate_name
- manager_name = var.ip_addresses.manager.ip_name
- manager_ip = var.ip_addresses.manager.ip
-
- openid_connect_url = var.openid_connect_url
- })
- ]
-
- set_sensitive {
- name = "cluster.auth.key"
- value = random_id.hex_16.hex
- }
-
- set_sensitive {
- name = "indexer.keycloak.client_id"
- value = var.openid_client_id
- }
-
- set_sensitive {
- name = "indexer.keycloak.client_secret"
- value = var.openid_client_secret
- }
-
- set {
- name = "cluster.rootCaSecretName"
- value = local.root_secret_name
- }
-
- cleanup_on_fail = false
- wait = false
-
- depends_on = [kubernetes_namespace.wazuh_namespace, helm_release.other_resources]
-}
-
-resource "random_id" "hex_16" {
- byte_length = 16
-}
-
-resource "kubernetes_namespace" "wazuh_namespace" {
- metadata {
- name = "wazuh"
- }
-}
-# --- Root CA key ---
-resource "tls_private_key" "root_ca_key" {
- algorithm = "RSA"
- rsa_bits = 4096
-}
-
-# --- Self-signed Root CA cert ---
-resource "tls_self_signed_cert" "root_ca" {
- private_key_pem = tls_private_key.root_ca_key.private_key_pem
- is_ca_certificate = true
- validity_period_hours = 365 * 10 * 24 # ~10 years
-
- subject {
- country = var.subject.country
- locality = var.subject.locality
- organization = var.subject.organization
- common_name = var.subject.common_name
- }
-
- # Conservative, CA-appropriate usages
- allowed_uses = [
- "cert_signing",
- "crl_signing",
- "digital_signature",
- "key_encipherment",
- ]
-
- # Keep it SHA-256 like your openssl command
- early_renewal_hours = 0
-}
-
-# --- Kubernetes Secret with the PEMs ---
-resource "kubernetes_secret" "wazuh_root_ca" {
- metadata {
- name = local.root_secret_name
- namespace = kubernetes_namespace.wazuh_namespace.metadata[0].name
- }
-
- type = "Opaque"
-
- data = {
- "root-ca.pem" = tls_self_signed_cert.root_ca.cert_pem
- "root-ca-key.pem" = tls_private_key.root_ca_key.private_key_pem
- }
-}
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
deleted file mode 100644
index caa1b114..00000000
--- a/terraform/outputs.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-output "dns_ns" {
- value = module.dns.name_servers
- description = "The Zone NS"
-}
-
-output "k8s_name" {
- value = module.k8s.cluster_name
-}
-
-output "k8s_host" {
- value = module.gke_auth.host
-}
-
-output "wazuh_domains" {
- value = {
- for k, v in local.wazuh_domains : k => {
- ip = module.ip[k].address
- name = module.ip[k].address_name
- cert_name = module.ip[k].address_name
- domain = "https://${v.domain}"
- }
- }
-}
diff --git a/terraform/prod.tfvars b/terraform/prod.tfvars
deleted file mode 100644
index 2b62efc0..00000000
--- a/terraform/prod.tfvars
+++ /dev/null
@@ -1,15 +0,0 @@
-region = "europe-west3"
-name = "observe"
-root_domain_name = "observe.camer.digital"
-environment = "prod"
-
-project_id = "observe-472521"
-
-wazuh_helm_chart_version = "0.6.1-rc.1"
-
-subject = {
- country = "CM"
- locality = "Bangangte"
- organization = "adorsys GIS"
- common_name = "root-ca"
-}
diff --git a/terraform/providers.tf b/terraform/providers.tf
deleted file mode 100644
index d6034f6d..00000000
--- a/terraform/providers.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-provider "google" {
- credentials = file(var.credentials)
-
- region = var.region
-}
-
-provider "google-beta" {
- credentials = file(var.credentials)
-
- region = var.region
-}
-
-provider "helm" {
- kubernetes {
- cluster_ca_certificate = module.gke_auth.cluster_ca_certificate
- host = module.gke_auth.host
- token = module.gke_auth.token
- }
-}
-
-provider "kubernetes" {
- cluster_ca_certificate = module.gke_auth.cluster_ca_certificate
- host = module.gke_auth.host
- token = module.gke_auth.token
-}
-
-provider "random" {
-}
-
-provider "tls" {
-}
diff --git a/terraform/variables.tf b/terraform/variables.tf
deleted file mode 100644
index 964bd5c6..00000000
--- a/terraform/variables.tf
+++ /dev/null
@@ -1,113 +0,0 @@
-variable "project_id" {
- type = string
- description = "The ID of the project where this VPC will be created"
- default = ""
-}
-
-variable "create_project" {
- type = bool
- description = "Should we create a project?"
- default = false
-}
-
-variable "folder_id" {
- type = string
- description = "Folder ID in the folder in which project"
- default = null
-}
-
-variable "region" {
- type = string
- description = "The region where to deploy resources"
-}
-
-variable "name" {
- type = string
- default = "monitoring"
- description = "base name of this deployment"
-}
-
-variable "billing_account" {
- type = string
- sensitive = true
- description = "Billing account id for the project"
- default = ""
-}
-
-variable "org_id" {
- type = string
- description = "Google Organization ID"
- default = null
-}
-
-variable "root_domain_name" {
- type = string
- default = "observability.adorsys.team"
-}
-
-variable "environment" {
- type = string
-}
-
-variable "credentials" {
- type = string
- description = "File path to the credentials file. Keep in mind that the user or service account associated to this credentials file must have the necessary permissions to create the resources defined in this module."
- sensitive = true
-}
-
-variable "api_enabled_services" {
- description = "The list of apis necessary for the project"
- type = list(string)
- default = [
- "compute.googleapis.com",
- "gkehub.googleapis.com",
- "cloudresourcemanager.googleapis.com",
- "serviceusage.googleapis.com",
- "servicenetworking.googleapis.com",
- "cloudkms.googleapis.com",
- "logging.googleapis.com",
- "cloudbilling.googleapis.com",
- "iam.googleapis.com",
- "admin.googleapis.com",
- "storage-api.googleapis.com",
- "monitoring.googleapis.com",
- "securitycenter.googleapis.com",
- "billingbudgets.googleapis.com",
- "vpcaccess.googleapis.com",
- "dns.googleapis.com",
- "containerregistry.googleapis.com",
- "eventarc.googleapis.com",
- "run.googleapis.com",
- "container.googleapis.com",
- "dns.googleapis.com",
- "deploymentmanager.googleapis.com",
- "artifactregistry.googleapis.com",
- "cloudbuild.googleapis.com",
- "file.googleapis.com",
- "certificatemanager.googleapis.com",
- "domains.googleapis.com",
- ]
-}
-
-variable "wazuh_helm_chart_version" {
- type = string
-}
-
-variable "openid_client_id" {
- sensitive = true
- type = string
-}
-
-variable "openid_client_secret" {
- sensitive = true
- type = string
-}
-
-variable "subject" {
- type = object({
- country = string
- locality = string
- organization = string
- common_name = string
- })
-}
\ No newline at end of file
diff --git a/terraform/versions.tf b/terraform/versions.tf
deleted file mode 100644
index cde89aca..00000000
--- a/terraform/versions.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-terraform {
- required_version = ">= 1.9.8"
-
- required_providers {
- google = {
- source = "hashicorp/google"
- version = "~> 6.0"
- }
- google-beta = {
- source = "hashicorp/google-beta"
- version = "~> 6.0"
- }
- kubernetes = {
- source = "hashicorp/kubernetes"
- version = "~> 2.0"
- }
- helm = {
- source = "hashicorp/helm"
- version = "~> 2.0"
- }
- random = {
- source = "hashicorp/random"
- version = "~> 3.0"
- }
- tls = {
- source = "hashicorp/tls"
- version = "~> 4.0"
- }
- }
-}